GoogleOSV:GHSA-W387-5QQW-7G8MContent-Security-Policy header generation in middleware could be compromised by malicious injections
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Impact
When the following conditions are met:
- Automated CSP headers generation for SSR content is enabled
- The web application serves content that can be partially controlled by external users
Then it is possible that the CSP headers generation feature might be “allow-listing” malicious injected resources like inlined JS, or references to external malicious scripts.
Patches
Available in version 1.3.0 .
Workarounds
- Do not enable CSP headers generation.
- Use it only for dynamically generated content that cannot be controlled by external users in any way.
References
Are there any links users can visit to find out more?
| CPE | Name | Operator | Version |
|---|---|---|---|
| @kindspells/astro-shield | eq | 1.2.0 |
References
github.com/KindSpells/astro-shield
github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d
github.com/KindSpells/astro-shield/commit/ad3abf5577bae9be420b7ddf376337a5b8817869
github.com/KindSpells/astro-shield/compare/1.2.0...1.3.0
github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m
nvd.nist.gov/vuln/detail/CVE-2024-29896
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%