In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Information Disclosure
Webpack Subresource Integrity
NVD
GitHub
CVSS 3.1
3.7
EPSS
0.5%