Security Advisory

CVE-2024-29896

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-28 12:48:53

Last updated 2024-08-02 01:17:58

Assigner GitHub_M

State PUBLISHED

Description

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.

← Browse all CVEs View on cve.org ↗