Description
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Recommendation
Update the webpack-subresource-integrity package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.1
- Patched version(s): 1.5.1
References
Related Issues
- Improper Validation and Sanitization in url-parse - CVE-2020-8124
- MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 - CVE-2025-67898
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- Tags:
- npm
- webpack-subresource-integrity
Anything's wrong? Let us know Last updated on February 01, 2023