Description
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Recommendation
Update the webpack-subresource-integrity package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.1
- Patched version(s): 1.5.1
References
Related Issues
- Expo on iOS is insecure due incorrect security attribute application - CVE-2020-24653
- XSS due to lack of CSRF validation for replying/publishing - CVE-2020-15156
- react-native-keys insecurely stores encryption cipher and Base64 chunks - CVE-2025-45001
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
You might also like:
- Tags:
- npm
- webpack-subresource-integrity
Anything's wrong? Let us know Last updated on February 01, 2023


