4 matches found
GHSA-C3M8-X3CG-QM2C Configuration Override in helmet-csp
Versions of helmet-csp before 2.9.1 are vulnerable to a Configuration Override affecting the application's Content Security Policy (CSP). The package's browser sniffing for Firefox deletes the default-src CSP policy, which is the fallback policy. This allows an attacker to remove an application'...
1405_logging (=1.0.0), @2o3t-core/plugin-common (>=0.0.1 <=0.0.52) +2310 more potentially affected by unknown CVE via helmet-csp (>=1.2.2 <=2.9.0)
helmet-csp NPM version =1.2.2, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.3.5, =1.0.0, =1.2.1, =0.1.2, =0.0.2, =11.1.0, =0.0.1, =0.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C3M8-X3CG-QM2C...
Configuration Override in helmet-csp
Versions of helmet-csp before 2.9.1 are vulnerable to a Configuration Override affecting the application's Content Security Policy (CSP). The package's browser sniffing for Firefox deletes the default-src CSP policy, which is the fallback policy. This allows an attacker to remove an application'...
Configuration Override
Overview: Versions of helmet-csp before 2.9.1 are vulnerable to a Configuration Override affecting the application's Content Security Policy (CSP). The package's browser sniffing for Firefox deletes the default-src CSP policy, which is the fallback policy. This allows an attacker to remove an...