content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called proto you can override the Object prototype. For example: const parse = require('content-security-policy-parser'); const x = parse("default-src 'self'; proto foobar"); console.log('raw print:', x); console.log('toString:', x.toString()); Outputs: raw print: Array { 'default-src': [ "'self'" ] } toString: foobar Whilst no gadget exists in this library, it is possible via other libraries expose functionality …