pkg:npm/%40kindspells/astro-shield
Type
npm
Namespace
@kindspells
Name
astro-shield
Known advisories, vulnerabilities and fixes for @kindspells/astro-shield package.
High
2
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 1.2.0, < 1.3.2 |
CVE-2024-30250
|
 NPM:GHSA-C4GR-Q97G-PPWC
|
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists | high |
2024-04-01T20:33:53
(5 months ago) |
|
| Fixed | = 1.3.2 |
CVE-2024-30250
|
NPM:GHSA-C4GR-Q97G-PPWC
|
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists | high |
2024-04-01T20:33:53
(5 months ago) |
|
| Affected | = 1.2.0 |
CVE-2024-29896
|
NPM:GHSA-W387-5QQW-7G8M
|
Content-Security-Policy header generation in middleware could be compromised by malicious injections | high |
2024-03-29T19:03:59
(5 months ago) |
|
| Fixed | = 1.3.0 |
CVE-2024-29896
|
NPM:GHSA-W387-5QQW-7G8M
|
Content-Security-Policy header generation in middleware could be compromised by malicious injections | high |
2024-03-29T19:03:59
(5 months ago) |