5 matches found
CVE-2020-15262
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...
CVE-2020-15262
creationtimestamp| type| source ---|---|--- 2020-10-20 00:46:31+00:00| seen| https://t.me/cibsecurity/15396...
CVE-2020-15262 Invalid integrity hashes in webpack-subresource-integrity
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...
CVE-2020-15262
Summary : CVE-2020-15262 affects webpack-subresource-integrity prior to 1.5.1. All dynamically loaded chunks receive an invalid integrity hash, which the browser ignores, removing the extra protection from SRI. Top-level chunks are unaffected. Impact (as stated) : The browser cannot validate inte...
@aldendaniels/react-scripts (=0.8.3), @amc-technology/ui-library (=1.0.10) +186 more potentially affected by CVE-2020-15262 via webpack-subresource-integrity (>=0.7.0 <=1.5.0)
webpack-subresource-integrity NPM version =0.7.0, =1.2.3, =9.0.0, =0.8.8, =0.0.1-SNAPSHOT, =0.0.1-alpha.1, =1.2.2, =0.1.8, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =10.0.0 and more Source cves: CVE-2020-15262 Source advisory: OSV:GHSA-4FC4-CHG7-H8GH...