Authorization Bypass
secureheaders is vulnerable to authorization bypass. A semicolon character can be used to inject additional values and override arbitrary directives in the Content-Security-Policy header via append/overridecontentsecuritypolicydirectives...