This repository has been archived by the owner on Feb 3, 2023. It is now read-only.
helmet-3.1.0.tgz: 1 vulnerability (highest severity is: 6.1) #64
Labels
security vulnerability
Security vulnerability detected by Mend
Vulnerabilities
Details
Vulnerable Library - helmet-csp-2.1.0.tgz
Content Security Policy middleware.
Library home page: https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.1.0.tgz
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Helmet-csp before 2.9.1 is vulnerable to a Configuration Override affecting the application's Content Security Policy (CSP). The package's browser sniffing for Firefox deletes the default-src CSP policy, which is the fallback policy. This allows an attacker to remove an application's default CSP, possibly rendering the application vulnerable to Cross-Site Scripting.
Publish Date: 2019-11-18
URL: WS-2019-0289
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1176
Release Date: 2019-11-18
Fix Resolution (helmet-csp): 2.9.1
Direct dependency fix Resolution (helmet): 3.21.0