FW: [Questions] BUG REPORT = SRI FAILURE

Dean Coclin

May 20, 2026, 9:24:43 AM
to 'Jos Purvis' via Infrastructure (CA/B Forum)
Is this real and is it something infrastructure should look into?

-----Original Message-----
From: bpshu...@gmail.com <bpshu...@gmail.com>
Sent: Wednesday, May 20, 2026 2:56 PM
To: CABforum4 <ques...@cabforum.org>
Subject: [Questions] BUG REPORT = SRI FAILURE


Subject: SRI Failure Detected on cabforum.org

Summary:
There is a Subresource Integrity (SRI) failure occurring on the website
https://cabforum.org/.
The SRI mechanism is intended to ensure the integrity of resources fetched
from a remote source, preventing potential security vulnerabilities. However,
it seems that the SRI check is not passing for certain resources on the
mentioned website.

Vulnerable URL:
https://cabforum.org/

Steps to Reproduce:
1. Clone and use the following tool:
https://github.com/4ARMED/sri-check

2. Run:
sri-check https://cabforum.org/ -a

Impact:
- SRI failures may allow injection of malicious code from modified external
scripts.

Best regards,
Gaurav Shukla
Independent Security Researcher
Telegram: t.me/Ciphershade488
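
When triaging a report like the one forwarded above, it helps to separate cross-origin resources that carry no integrity attribute from ones whose attribute no longer matches the bytes served. The following is an added example, not part of the thread and not code from sri-check; site.example, cdn.example, the sample markup and the file contents are constructed.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

def sri(body, alg="sha384"):
    """Build an integrity token (alg-base64digest) for the given bytes."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

class SubresourceCollector(HTMLParser):
    """Collect script and stylesheet URLs with their integrity attribute."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.resources = page_url, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        ref = a.get("src") if tag == "script" else a.get("href") if tag == "link" and "stylesheet" in rel else None
        if ref:
            self.resources.append((urljoin(self.page_url, ref), a.get("integrity")))

def integrity_matches(integrity, body):
    """Compare against the strongest algorithm listed, as browsers do."""
    tokens = [t.split("?")[0] for t in integrity.split()]
    algs = [t.split("-", 1)[0] for t in tokens if t.split("-", 1)[0] in STRENGTH]
    if not algs:
        return False  # no recognised hash: flagged here so it gets reviewed
    return sri(body, max(algs, key=STRENGTH.get)) in tokens

def audit(page_url, html, bodies):
    """Map each subresource URL to same-origin / missing / ok / mismatch."""
    parser = SubresourceCollector(page_url)
    parser.feed(html)
    origin, report = urlsplit(page_url)[:2], {}
    for url, integrity in parser.resources:
        if urlsplit(url)[:2] == origin:
            report[url] = "same-origin"
        elif not integrity:
            report[url] = "missing"
        else:
            report[url] = "ok" if integrity_matches(integrity, bodies[url]) else "mismatch"
    return report

# Constructed sample input: hosts, markup and file contents are made up.
OLD, NEW = b"console.log('v1');", b"console.log('v2');"
SAMPLE_HTML = f'''<script src="/js/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/ok.js" integrity="{sri(NEW)}" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.example/changed.css" integrity="{sri(OLD)}">'''
SAMPLE_BODIES = {"https://cdn.example/ok.js": NEW, "https://cdn.example/changed.css": NEW}
```

Calling audit("https://site.example/", SAMPLE_HTML, SAMPLE_BODIES) returns one status per resource; a "missing" entry means the page is not using SRI for that file, while "mismatch" means a browser would refuse to load it.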
