@kindspells/astro-shield@1.3.1 vulnerabilities

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

latest version

1.3.6
latest non vulnerable version

1.3.6
first published

3 months ago
latest version published

18 days ago
licenses detected
- MIT
  >=0
View @kindspells/astro-shield package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @kindspells/astro-shield package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Insufficient Verification of Data Authenticity @kindspells/astro-shield is an Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the setting of a correct `integrity` attribute to injected code. This allows bypassing the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code, leading the browser to believe that the injected resource is legitimate. Note: To exploit this issue, an attacker must first inject code into the rendered pages by exploiting other not-related potential vulnerabilities. How to fix Insufficient Verification of Data Authenticity? Upgrade `@kindspells/astro-shield` to version 1.3.2 or higher.	>=1.2.0 <1.3.2

Insufficient Verification of Data Authenticity

@kindspells/astro-shield is an Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the setting of a correct integrity attribute to injected code. This allows bypassing the allow-lists for cross-origin resources by introducing valid integrity attributes to the injected code, leading the browser to believe that the injected resource is legitimate.

Note: To exploit this issue, an attacker must first inject code into the rendered pages by exploiting other not-related potential vulnerabilities.

How to fix Insufficient Verification of Data Authenticity?

Upgrade @kindspells/astro-shield to version 1.3.2 or higher.

>=1.2.0 <1.3.2

Go back to all versions of this package

@kindspells/astro-shield@1.3.1 vulnerabilities

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities