
CVE-2024-29896:
Content-Security-Policy header generation in middleware could be compromised by malicious injections

CVSS 3.1 Score: 7.5

Basic Information

EPSS Score: 0.31816%
Published: 3/29/2024
Updated: 9/12/2024
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package Name: @kindspells/astro-shield
Ecosystem: npm
Vulnerable Versions: = 1.2.0
First Patched Version: 1.3.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from how external resources were handled in SSR content processing. The function updateDynamicPageSriHashes() in src/core.mjs previously:

1. Automatically fetched and generated SRI hashes for any external resource URL found in content.
2. Lacked validation against an allow-list for cross-origin resources.
3. Directly modified CSP headers based on these uncontrolled hashes.

The commit diff shows critical changes where external resource processing was modified to require explicit allow-listing, and removed automatic fetching of arbitrary URLs. This function was the primary entry point for processing user-influenced content into security headers, making it the core vulnerable component.


WAF Protection Rules

WAF Rule

Impact

When the following conditions are met:
- Automated CSP headers generation for SSR content is enabled
- The web application serves content that can be partially controlled by external users

Then it is possible that the CSP headers generat
