CVE-2024-29896
CVE-2024-29896 is a high-severity vulnerability in Astro-Shield, rated 7.5/10 on the CVSS 3.1 scale. Astro-Shield is a library that computes subresource integrity hashes for JS scripts and CSS stylesheets and can generate Content-Security-Policy headers from them. When automated CSP header generation for SSR content is enabled and the rendered page contains content that external users can partially control, the generator can end up allow-listing attacker-injected resources such as inline JS or references to external malicious scripts, because the policy is computed from what is present in the rendered output, injected content included. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, the CSP headers generation feature may "allow-list" malicious injected resources like inlined JS, or references to external malicious scripts. The practical effect is that the CSP, which should be the backstop against a markup injection, instead vouches for the attacker's script: a content-injection bug that a correct policy would have contained becomes script execution. Version 1.2.0 is affected; the fix is available in version 1.3.0. Sites that cannot upgrade should not enable automated CSP generation for SSR routes that render user-controlled content. A quick check for deployments that rely on this feature: request a page that echoes user-supplied content, change that content, and confirm the `script-src` hashes in the response header do not change; if they track the injected content, the policy is being derived from untrusted input.
Metrics
CVSS 3.1 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, i.e. reachable over the network with low attack complexity, no privileges and no user interaction, with a high impact on integrity and none on confidentiality or availability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kindspells | Astro-Shield | 1.2.0 |
Source: NVD / NIST
