@kindspells/astro-shield@1.2.0 vulnerabilities
Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
latest version
1.7.1
latest non vulnerable version
first published
1 years ago
latest version published
8 months ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @kindspells/astro-shield package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@kindspells/astro-shield is an Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the setting of a correct Note: To exploit this issue, an attacker must first inject code into the rendered pages by exploiting other not-related potential vulnerabilities. How to fix Insufficient Verification of Data Authenticity? Upgrade | >=1.2.0 <1.3.2 |
@kindspells/astro-shield is an Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') when automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users. An attacker can allow-list malicious injected resources like inlined JS, or references to external malicious scripts by exploiting the CSP headers generation feature. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | >=1.2.0 <1.3.0 |