In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.
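To make "ignored by the browser" concrete, the following added example (not code from the plugin or the advisory) classifies a chunk's `integrity` value the way an SRI check treats it: well-formed and matching, well-formed and mismatching, or malformed and therefore providing no protection. The function names, the simplified token grammar and the sample chunks are assumptions constructed for illustration.

```javascript
// Added example: audit integrity values before shipping a build (Node.js).
const crypto = require("crypto");

const ALGS = ["sha256", "sha384", "sha512"]; // SRI algorithms, weakest to strongest
// Simplified SRI token grammar: <alg>-<base64>[?options]
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;

// Keep only well-formed tokens; anything else is dropped, as a browser would ignore it.
function parseIntegrity(value) {
  return String(value || "").trim().split(/\s+/)
    .map((token) => TOKEN.exec(token))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
}

// Compute a correct integrity value for a chunk body.
function sri(alg, body) {
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// "verified": a usable hash matches; "blocked": usable hashes exist but none match;
// "unprotected": no usable hash, so the chunk would load without any check.
function classifyChunk(integrity, body) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return "unprotected";
  // Only hashes using the strongest algorithm present are compared.
  const strongest = ALGS[Math.max(...entries.map((e) => ALGS.indexOf(e.alg)))];
  const expected = sri(strongest, body).slice(strongest.length + 1);
  const ok = entries.some((e) => e.alg === strongest && e.digest === expected);
  return ok ? "verified" : "blocked";
}

// Report every chunk whose integrity value does not verify.
function auditChunks(chunks) {
  return chunks
    .map((c) => ({ name: c.name, status: classifyChunk(c.integrity, c.body) }))
    .filter((r) => r.status !== "verified");
}

// Constructed sample: one top-level chunk with a valid hash, one dynamic chunk
// carrying a malformed value (illustrative only, not the plugin's actual output).
const mainBody = Buffer.from("console.log('main');");
const lazyBody = Buffer.from("console.log('lazy');");
const SAMPLE = [
  { name: "main.js", integrity: sri("sha384", mainBody), body: mainBody },
  { name: "lazy.chunk.js", integrity: "sha256-!!constructed-invalid!!", body: lazyBody },
];
console.log(auditChunks(SAMPLE));
```

A check of this kind can run in CI over the emitted chunks, so that a build in which any chunk reports `unprotected` fails.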
References
Link | Resource |
---|---|
https://github.com/waysact/webpack-subresource-integrity/commit/3d7090c08c333fcfb10ad9e2d6cf72e2acb7d87f | Patch, Third Party Advisory |
https://github.com/waysact/webpack-subresource-integrity/issues/131 | Third Party Advisory |
https://github.com/waysact/webpack-subresource-integrity/security/advisories/GHSA-4fc4-chg7-h8gh | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-10-19T20:10:18
Updated: 2020-10-19T20:10:17
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15262
NVD Information
Status: Analyzed
Published: 2020-10-19T20:15:12.667
Modified: 2021-11-18T16:19:14.013
Link: CVE-2020-15262
Redhat Information
No data.
CWE