Description
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Recommendation
Update the webpack-subresource-integrity package to the latest compatible version. Version details:
- Affected version(s): < 1.5.1
- Patched version(s): 1.5.1
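After upgrading, a check over the build output can confirm that no chunk carries an integrity value the browser would ignore. The following is an added example, not code from webpack-subresource-integrity or from this advisory; the names `sriFor`, `classifyIntegrity` and `auditChunks` and the sample chunk data are constructed for illustration.

```javascript
const { createHash } = require('crypto');

// Hash functions defined for SRI, ranked weakest to strongest.
const RANK = { sha256: 1, sha384: 2, sha512: 3 };
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/_-]+={0,2})(\?.*)?$/;

// Build a well-formed integrity value for `content`.
function sriFor(content, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(content).digest('base64')}`;
}

// Classify an integrity value the way a browser applies it:
//   'match'    - a usable token of the strongest algorithm matches the content
//   'mismatch' - usable tokens exist but none matches (browser blocks the load)
//   'ignored'  - no usable token, so the resource loads with no check at all
function classifyIntegrity(integrity, content) {
  const usable = String(integrity || '')
    .trim()
    .split(/\s+/)
    .map((t) => TOKEN.exec(t))
    .filter(Boolean) // unknown algorithm or malformed token: skipped
    .map((m) => ({ algo: m[1], digest: Buffer.from(m[2], 'base64') }));
  if (usable.length === 0) return 'ignored';
  const top = Math.max(...usable.map((u) => RANK[u.algo]));
  const hit = usable
    .filter((u) => RANK[u.algo] === top)
    .some((u) => u.digest.equals(createHash(u.algo).update(content).digest()));
  return hit ? 'match' : 'mismatch';
}

// Audit a map of chunk name -> { integrity, content }; list chunks that are not protected.
function auditChunks(chunks) {
  return Object.entries(chunks)
    .map(([name, c]) => [name, classifyIntegrity(c.integrity, c.content)])
    .filter(([, verdict]) => verdict !== 'match')
    .map(([name, verdict]) => `${name}: ${verdict}`);
}

// Constructed sample data (not the output of any real build, and not the
// actual value emitted by affected versions).
const sample = {
  'main.js': { integrity: sriFor('console.log("main")'), content: 'console.log("main")' },
  'lazy.js': { integrity: 'invalid-placeholder', content: 'console.log("lazy")' },
  'tampered.js': { integrity: sriFor('original'), content: 'modified' },
};
console.log(auditChunks(sample));
```

The `ignored` verdict is the case this advisory describes: the chunk still loads, so nothing fails visibly, which is why it needs an explicit check.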
Tags: npm, webpack-subresource-integrity
Last updated on February 01, 2023


