Description
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Recommendation
Update the webpack-subresource-integrity package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.1
- Patched version(s): 1.5.1
References
Related Issues
- Prototype Pollution in jquery-deparam - CVE-2021-20087
- files.photo.gallery command injection - CVE-2024-53615
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- mapshaper Path Traversal vulnerability - CVE-2024-1163
- Tags:
- npm
- webpack-subresource-integrity
Anything's wrong? Let us know Last updated on February 01, 2023