GHSA-W2CQ-G8G3-GM83 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
Impact A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called proto you can override the Object prototype. For example: const parse = require'content-security-policy-parser'; const x = parse"default-src 'self'; proto foobar";...