Description

Subresource Integrity (SRI) is a security feature that enables browsers to verify that third-party resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing developers to provide a cryptographic hash that a fetched file must match.

Third-party resources (such as scripts and stylesheets) can be manipulated. An attacker that has access or has hacked the hosting CDN can manipulate or replace the files. SRI allows developers to specify a base64-encoded cryptographic hash of the resource to be loaded. The integrity attribute containing the hash is then added to the

References

Subresource Integrity

SRI Hash Generator

Related Vulnerabilities

Overly long session timeout in servlet configuration

OSGi Management Console Default Credentials

Apache JServ protocol service

Apache Geronimo default administrative credentials

Apache configured to run as proxy

Severity

Info

Classification

CWE-830 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N

Tags

Configuration