VYPR

npm package

content-security-policy-parser

pkg:npm/content-security-policy-parser

Vulnerabilities (1)

  • CVE-2025-55164HigAug 12, 2025
    affected < 0.6.0fixed 0.6.0

    content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A