Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

helmetjs

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2025-55164
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.06% / 20.10%
||
7 Day CHG+0.01%
Published-12 Aug, 2025 | 16:02
Updated-20 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling prototype method in NodeJS, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature.

Action-Not Available
Vendor-helmetjs
Product-content-security-policy-parser
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')