GHSA-RQQ5-2GF9-4W4Q Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input
Summary secureheaders builds the Content-Security-Policy value by stitching every configured directive together with ; separators. Three directive builders buildsandboxlistdirective, buildmediatypelistdirective, buildreporttodirective interpolate caller-supplied strings into that value without...