EPSS percentile: 38.5%
secure_headers is vulnerable to CRLF injection. A newline character can be used to write an arbitrary value into the Content-Security-Policy header via append/override_content_security_policy_directives.
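A check an application can apply to values before they reach the directive helpers, shown as an added example that is not secure_headers code or its fix. The names naive_csp, safe_csp, header_lines and InvalidDirectiveValue are hypothetical, and the input is constructed.

```ruby
# Stand-alone sketch; does not load or call the secure_headers gem.
class InvalidDirectiveValue < ArgumentError; end

# CR, LF and other control characters never belong in a header value.
CONTROL_CHARS = /[\x00-\x1f\x7f]/

# Serializes a directive hash with no validation (the pattern at risk).
def naive_csp(directives)
  directives.map do |name, sources|
    "#{name.to_s.tr('_', '-')} #{sources.join(' ')}"
  end.join("; ")
end

# Same serialization, but refuses any source value that contains a
# control character instead of trying to repair it.
def safe_csp(directives)
  directives.each do |name, sources|
    sources.each do |src|
      next unless src.match?(CONTROL_CHARS)
      raise InvalidDirectiveValue, "control character in #{name}: #{src.inspect}"
    end
  end
  naive_csp(directives)
end

# Number of lines the value would occupy if written to a response as-is.
def header_lines(value)
  value.split(/\r?\n/).length
end

# Constructed input: the second hash carries a newline in one source value,
# as it could if the value came from a request parameter.
benign  = { script_src: ["'self'", "https://cdn.example.test"] }
tainted = { script_src: ["'self'", "https://cdn.example.test\ninjected-directive x"] }

puts naive_csp(benign)
puts "unvalidated value spans #{header_lines(naive_csp(tainted))} lines"
begin
  safe_csp(tainted)
rescue InvalidDirectiveValue => e
  puts "rejected: #{e.message}"
end
```
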
github.com/advisories/GHSA-w978-rmpf-qmwg
github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg