Lucene search
K

116 matches found

Veracode
Veracode
added 2020/10/20 5:17 a.m.19 views

Subresource Integrity Bypass

webpack-subresource-integrity is vulnerable to subresource integrity bypass. Dynamically injected tags use undefined and the integrity check can be bypassed, potentially resulting in cross-site scripting attacks...

5CVSS1.6AI score0.00517EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/19 8:15 p.m.19 views

CVE-2020-15262

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...

5CVSS0.00517EPSS
Exploits0References3
OSV
OSV
added 2020/10/19 8:15 p.m.8 views

CVE-2020-15262

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...

3.7CVSS4.2AI score
Exploits0References3
Prion
Prion
added 2020/10/19 8:15 p.m.20 views

Input validation

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...

5CVSS4.1AI score0.00517EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/10/19 8:10 p.m.25 views

CVE-2020-15262 Invalid integrity hashes in webpack-subresource-integrity

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...

3.7CVSS4AI score0.00517EPSS
Exploits0References3
CVE
CVE
added 2020/10/19 8:10 p.m.65 views

CVE-2020-15262

Summary : CVE-2020-15262 affects webpack-subresource-integrity prior to 1.5.1. All dynamically loaded chunks receive an invalid integrity hash, which the browser ignores, removing the extra protection from SRI. Top-level chunks are unaffected. Impact (as stated) : The browser cannot validate inte...

5CVSS3.9AI score0.00517EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2020/10/19 8:2 p.m.5 views

@aldendaniels/react-scripts (=0.8.3), @amc-technology/ui-library (=1.0.10) +186 more potentially affected by CVE-2020-15262 via webpack-subresource-integrity (>=0.7.0 <=1.5.0)

webpack-subresource-integrity NPM version =0.7.0, =1.2.3, =9.0.0, =0.8.8, =0.0.1-SNAPSHOT, =0.0.1-alpha.1, =1.2.2, =0.1.8, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =10.0.0 and more Source cves: CVE-2020-15262 Source advisory: OSV:GHSA-4FC4-CHG7-H8GH...

5CVSS5.8AI score0.00517EPSS
Exploits0
OSV
OSV
added 2020/10/19 8:2 p.m.3 views

GHSA-4FC4-CHG7-H8GH Unprotected dynamically loaded chunks

Impact All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. Patches This issue is...

3.7CVSS5.9AI score0.00517EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/10/19 8:2 p.m.54 views

Unprotected dynamically loaded chunks

Impact All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. Patches This issue is...

5CVSS1.9AI score0.00517EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/08/07 12:0 a.m.15 views

Invalid Subresource Integrity

Subresource Integrity SRI is a web security standard that enables browsers to verify that resources hosted by third parties CDN for example are delivered without unexpected manipulation. SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag like scrip...

7.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/01 12:0 a.m.22 views

Missing Subresource Integrity

Subresource Integrity SRI is a web security standard that enables browsers to verify that resources hosted by third parties CDN for example are delivered without unexpected manipulation. SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag like scrip...

7.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2018/02/12 12:28 p.m.11 views

U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner

More than 4,200 websites, including many run the U.K. and U.S. governments, were infected on Feb. 11 by a Monero cryptocurrency miner delivered through Browsealoud, a hosted accessibility service that can read website content aloud for people with visual impairments. Browsealoud developer Texthel...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2017/06/30 1:11 p.m.9 views

Majority of Sites Fail Mozilla's Comprehensive Security Review

A majority of the top 1 million websites earn an “F” letter grade when it comes to adopting defensive security technology that protect visitors from XSS vulnerabilities, man-in-the-middle attacks, and cookie hijacking. The failing grades come from a comprehensive analysis published this week by t...

6.2AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.10 views

The vulnerability of Google Chrome’s browser allows a violator to bypass mechanisms designed to protect the integrity of subresources.

The vulnerability of the PendingScript::notifyFinished function in Google Chrome’s WebKit/Source/core/dom/PendingScript.cpp is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass Subresource Integrity SRI protection mechanisms by...

7.5CVSS7.7AI score0.01836EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/11 12:0 a.m.39 views

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2920-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2920-1 advisory. It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in ...

10CVSS7.8AI score0.02749EPSS
Exploits3References14
OpenVAS
OpenVAS
added 2016/03/11 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-2920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.02749EPSS
Exploits3References2
OSV
OSV
added 2016/03/10 5:22 p.m.7 views

USN-2920-1 oxide-qt vulnerabilities

It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-1630 It was...

10CVSS7.1AI score0.02749EPSS
Exploits3References14
CNVD
CNVD
added 2016/03/08 12:0 a.m.4 views

Google Chrome Security Bypass Vulnerability (CNVD-2016-01515)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the 'PendingScript::notifyFinished' function in the WebKit/Source/core/dom/PendingScript.cpp file in Google Chrome versions prior to 49.0.2623.75. A security vulnerability exists...

9.8CVSS9.1AI score0.01836EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/03/07 3:22 a.m.8 views

chromium-browser: SRI Validation Bypass

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...

9.8CVSS7.4AI score0.01836EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/03/07 12:0 a.m.32 views

Debian DSA-3507-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. - CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. - CVE-2016-1631 Mariusz...

10CVSS7.3AI score0.10339EPSS
Exploits3References30
Rows per page
Query Builder