CVE-2020-15262

🗓️ 19 Oct 2020 20:12:15Reported by GitHub_MType

webpack-subresource-integrity before version 1.5.1 allows invalid integrity hashes, removing SRI protection

Reporter	Title	Published	Views	Family All 8
Veracode	Subresource Integrity Bypass	20 Oct 202005:17	–	veracode
Veracode	Lack Of Integrity Hash Validation	20 Oct 202001:33	–	veracode
Prion	Input validation	19 Oct 202020:15	–	prion
Cvelist	CVE-2020-15262 Invalid integrity hashes in webpack-subresource-integrity	19 Oct 202020:10	–	cvelist
OSV	Unprotected dynamically loaded chunks	19 Oct 202020:02	–	osv
OSV	CVE-2020-15262	19 Oct 202020:15	–	osv
Github Security Blog	Unprotected dynamically loaded chunks	19 Oct 202020:02	–	github
NVD	CVE-2020-15262	19 Oct 202020:15	–	nvd

Nvd

Vulners

Node

webpack-subresource-integrity_project webpack-subresource-integrityRange<1.5.1node.js

[
  {
    "product": "webpack-subresource-integrity",
    "vendor": "waysact",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.5.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/waysact/webpack-subresource-integrity/issues/131
github	www.github.com/waysact/webpack-subresource-integrity/security/advisories/GHSA-4fc4-chg7-h8gh
github	www.github.com/waysact/webpack-subresource-integrity/commit/3d7090c08c333fcfb10ad9e2d6cf72e2acb7d87f

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Oct 2020 20:15Current

3.9Low risk

Vulners AI Score3.9

CVSS25

CVSS33.7

EPSS0.00115

CWE-345