PT-2024-23117 · Unknown · Astro-Shield

Castarco · Published 2024-03-28 · Updated 2024-03-29 · CVE-2024-29896

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Astro-Shield versions prior to 1.3.0

Description: Astro-Shield is a library used to compute subresource integrity hashes for JavaScript scripts and CSS stylesheets. When automated Content Security Policy (CSP) header generation for Server-Side Rendering (SSR) content is enabled and the web application serves content that can be partially controlled by external users, the CSP header generation feature may allow maliciously injected resources, such as inline JavaScript or references to external malicious scripts.

Recommendations: For versions prior to 1.3.0, update to version 1.3.0 to resolve the issue. As a temporary workaround, consider disabling the automated CSP header generation feature until a patch is available. Alternatively, use the CSP header generation feature only for dynamically generated content that cannot be controlled by external users in any way.

Weakness Enumeration: Special Elements Injection

Related Identifiers: CVE-2024-29896, GHSA-W387-5QQW-7G8M

Affected Products: Astro-Shield