helmet-csp@2.3.0

Vulnerabilities: 1 via 1 paths

Dependencies: 6

Source: npm


medium severity

Configuration Override

  • Vulnerable module: helmet-csp
  • Introduced through: helmet-csp@2.3.0

Detailed paths

  • Introduced through: helmet-csp@2.3.0
    Remediation: Upgrade to helmet-csp@2.9.2.

Overview

helmet-csp is Content Security Policy middleware that sets the Content-Security-Policy header to help prevent unwanted content from being injected into your web pages.

Affected versions of this package are vulnerable to Configuration Override affecting the application's Content Security Policy (CSP). Its browser sniffing for Firefox deletes the default-src directive, which is the fallback source list for every fetch directive the policy does not set explicitly. A request identified as coming from Firefox is therefore served a policy in which any resource type without its own directive is left unrestricted, which lets an attacker strip an application's default CSP.
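To see why losing default-src matters, here is an added example that is not helmet-csp's own code. It parses a serialized CSP header, resolves the source list a browser would enforce for each fetch directive using the fallback chain defined by CSP Level 3, and lists the directives that a header leaves completely unrestricted. The two policies are constructed sample headers: the one an application intends to send, and the same policy with default-src removed, which is the shape the advisory describes. The helper names are this example's own.

```javascript
// Fallback chain per fetch directive, as specified in CSP Level 3:
// a directive that is absent is governed by the first present entry
// in its chain; default-src is the last resort for all of them.
const FALLBACK = {
  'child-src': ['default-src'],
  'connect-src': ['default-src'],
  'font-src': ['default-src'],
  'frame-src': ['child-src', 'default-src'],
  'img-src': ['default-src'],
  'manifest-src': ['default-src'],
  'media-src': ['default-src'],
  'object-src': ['default-src'],
  'script-src': ['default-src'],
  'style-src': ['default-src'],
  'worker-src': ['child-src', 'script-src', 'default-src'],
};

// Parse "directive src src; directive src" into Map<name, string[]>.
// Directive names are case-insensitive; source expressions are kept as-is.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Source list a browser enforces for `directive`, following the fallback
// chain. Returns null when nothing in the policy restricts that resource
// type, i.e. the browser will load it from any origin.
function effectiveSources(policy, directive) {
  const chain = [directive, ...(FALLBACK[directive] || [])];
  for (const name of chain) {
    if (policy.has(name)) return policy.get(name);
  }
  return null;
}

// Regression check for this advisory: fetch directives the header leaves
// unrestricted. A correctly served policy with default-src returns [].
function unrestrictedDirectives(header) {
  const policy = parsePolicy(header);
  return Object.keys(FALLBACK)
    .filter((d) => effectiveSources(policy, d) === null)
    .sort();
}

// Constructed sample: the policy the application configured.
const INTENDED = "default-src 'self'; script-src 'self' https://cdn.example.com";
// Constructed sample: the same policy with default-src deleted, as the
// affected versions emit for a request they sniff as Firefox.
const STRIPPED = "script-src 'self' https://cdn.example.com";

console.log('intended, img-src ->', effectiveSources(parsePolicy(INTENDED), 'img-src'));
console.log('stripped, img-src ->', effectiveSources(parsePolicy(STRIPPED), 'img-src'));
console.log('unrestricted after stripping:', unrestrictedDirectives(STRIPPED));
```

A practical deployment check is to request a page from the application with a Firefox User-Agent string, feed the returned Content-Security-Policy header to unrestrictedDirectives, and fail the test when the list is not empty; the check stays useful after upgrading, since any later configuration change that drops default-src would trip it too.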

Remediation

Upgrade helmet-csp to version 2.9.2 or higher.
