Home > Vulnerability Database > CVE-2024-29896

Mend.io Vulnerability Database

CVE-2024-29896

Good to know:

Date: March 28, 2024

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.

Language: JS

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29896

Url: https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m

Url: https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d

Url: https://www.mend.io/vulnerability-database/CVE-2024-29896

Severity Score

7.5

Weakness Type (CWE)

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version @kindspells/astro-shield - 1.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29896

Good to know:

Date: March 28, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?