CNNVD-202508-1068 Information
CNNVD ID
CNNVD-202508-1068
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
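Content Security Policy parser is open-source software from Helmet for parsing Content Security Policy directives. Content Security Policy parser 0.5.0 and earlier versions contain a security vulnerability that stems from prototype pollution and may result in the object prototype being overwritten.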
Description (English)
Content Security Policy Parser is open-source software from Helmet that parses Content Security Policy directives. Versions 0.5.0 and earlier of Content Security Policy Parser have a vulnerability caused by prototype pollution, which may allow the object prototype to be overwritten.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Helmet
Published
2025-08-12
Last Modified
2026-02-24
References
https://github.com/helmetjs/content-security-policy-parser/issues/11
https://www.vicarius.io/vsociety/posts/cve-2025-55164-mitigate-csp-parser-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-55164-detect-node-csp-parser-vulnerability
https://github.com/helmetjs/content-security-policy-parser/security/advisories/GHSA-w2cq-g8g3-gm83
https://github.com/helmetjs/content-security-policy-parser/commit/b13a52554f0168af393e3e38ed4a94e9e6aea9dc
https://nvd.nist.gov/vuln/detail/CVE-2025-55164
Patch
https://github.com/helmetjs/content-security-policy-parser/tags