webpack-subresource-integrity is vulnerable to subresource integrity bypass. Dynamically injected tags use undefined
and the integrity check can be bypassed, potentially resulting in cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
webpack-subresource-integrity | eq | 1.5.0 | |
webpack-subresource-integrity | eq | 1.5.0 |