PT-2020-14322 · Webpack · Webpack-Subresource-Integrity

Jahed · Published 2020-10-19 · Updated 2021-11-18 · CVE-2020-15262

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

webpack-subresource-integrity versions prior to 1.5.1

Description

The issue affects dynamically loaded chunks, which receive an invalid integrity hash that is ignored by the browser. This removes the additional level of protection offered by Subresource Integrity (SRI) for such chunks. Top-level chunks are unaffected.

Recommendations

For versions prior to 1.5.1, update to version 1.5.1 to resolve the issue. As a temporary workaround, consider restricting the use of dynamically loaded chunks until the update is applied.
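
A build-time check for the condition in the description, as an added example that is not part of the advisory or of the plugin's code: it classifies each chunk's integrity value as a browser would treat it, so a value that would be silently ignored fails the build. The function names, the chunk names and the sample values are constructed for illustration, and the token pattern is a simplified reading of the SRI metadata grammar.

```javascript
// Digest sizes double as a strength ordering: sha512 > sha384 > sha256.
const DIGEST_BYTES = { sha256: 32, sha384: 48, sha512: 64 };
// One integrity token: algorithm, "-", base64 digest, optional "?options".
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+/_-]+={0,2})(\?.*)?$/i;

// Returns 'missing' | 'ignored' | 'unsatisfiable' | 'enforced'.
function classifyIntegrity(value) {
  if (typeof value !== 'string' || value.trim() === '') return 'missing';
  const parsed = [];
  for (const token of value.trim().split(/\s+/)) {
    const m = TOKEN.exec(token);
    if (!m) continue; // a token that does not parse is skipped by the browser
    const alg = m[1].toLowerCase();
    const b64 = m[2].replace(/-/g, '+').replace(/_/g, '/');
    const size = Buffer.from(b64, 'base64').length;
    parsed.push({ alg, wellSized: size === DIGEST_BYTES[alg] });
  }
  // No usable token at all: the resource loads with no integrity check.
  if (parsed.length === 0) return 'ignored';
  // Only tokens of the strongest algorithm present are compared.
  const strongest = parsed.reduce(
    (best, p) => (DIGEST_BYTES[p.alg] > DIGEST_BYTES[best] ? p.alg : best),
    'sha256');
  // A well-formed token of the wrong length can never match: the load is blocked.
  return parsed.some((p) => p.alg === strongest && p.wellSized)
    ? 'enforced' : 'unsatisfiable';
}

// Lists every chunk whose integrity value does not result in an enforced check.
function auditChunks(integrityByChunk) {
  return Object.entries(integrityByChunk)
    .map(([chunk, value]) => ({ chunk, status: classifyIntegrity(value) }))
    .filter((r) => r.status !== 'enforced');
}

// Constructed sample: chunk name -> integrity value as found in build output.
const digest32 = Buffer.alloc(32, 7).toString('base64');
const SAMPLE_CHUNKS = {
  main: 'sha256-' + digest32,
  'lazy-settings': 'PLACEHOLDER-NOT-A-HASH', // constructed invalid value
  'lazy-report': 'sha384-' + digest32,       // right shape, wrong digest length
  'lazy-empty': '',
};

for (const r of auditChunks(SAMPLE_CHUNKS)) {
  console.log(`${r.chunk}: integrity ${r.status}`);
}
```

An `ignored` or `missing` result is the case the advisory describes, because the chunk is fetched and executed without any hash comparison.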

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2020-15262
GHSA-4FC4-CHG7-H8GH

Affected Products

Webpack-Subresource-Integrity