EPSS percentile: 50.8%
secure_headers is vulnerable to authorization bypass through directive injection in the Content-Security-Policy header. When user-controlled input is passed as a source value to append_content_security_policy_directives or override_content_security_policy_directives, a semicolon in that value is written unescaped into the serialized header. Because browsers treat the semicolon as the boundary between directives, the value can inject additional directives and override arbitrary directives in the resulting Content-Security-Policy header. Applications that only pass static, developer-controlled values to these methods are not affected.
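The following is an added example that models the mechanism above; it is not secure_headers code and does not use the gem. It is a constructed toy serializer in the same style (a hash of directive symbols to source arrays, joined with "; "), an unsafe override that merges caller-supplied values unchecked, a browser-style parser that splits on ";" to show what the user agent actually sees, and a hardened override that rejects source expressions containing ";" or whitespace. The hardened check is an assumption about one reasonable fix; the project's actual fix is in the linked commit.

```ruby
# Constructed, stand-alone model of CSP header assembly. Not secure_headers code.
# Policy shape: { default_src: ["'self'"], img_src: ["https://cdn.example"] }
module CspDemo
  class DirectiveInjection < StandardError; end

  # Serialize a directive hash to a header value, e.g.
  # "default-src 'self'; img-src https://cdn.example".
  # Source expressions are joined verbatim, which is where an unescaped ';' bites.
  def self.serialize(policy)
    policy.map { |name, sources| "#{name.to_s.tr('_', '-')} #{sources.join(' ')}" }.join("; ")
  end

  # Vulnerable override: caller-supplied sources are merged without validation.
  def self.override_directives_unsafe(policy, overrides)
    policy.merge(overrides)
  end

  # Hardened override (assumed fix, not the gem's own): a source expression is a
  # single token, so anything containing ';' or whitespace cannot be legitimate.
  def self.override_directives_safe(policy, overrides)
    overrides.each do |name, sources|
      sources.each do |src|
        if src =~ /[;\s]/
          raise DirectiveInjection, "#{name}: source #{src.inspect} contains ';' or whitespace"
        end
      end
    end
    policy.merge(overrides)
  end

  # Browser-style view of a header: split on ';', first token is the directive name.
  # A duplicate directive name later in the header is ignored, as browsers do,
  # so an injected directive is effective when its name is not already present
  # earlier in the policy (script-src absent below, so the injected one governs scripts).
  def self.parse(header)
    header.split(";").each_with_object({}) do |chunk, acc|
      tokens = chunk.strip.split(/\s+/)
      next if tokens.empty?
      name = tokens.shift
      acc[name] ||= tokens
    end
  end

  # Constructed attacker input: a plausible CDN host followed by an injected directive.
  ATTACKER_VALUE = "https://cdn.example; script-src 'unsafe-inline' https://evil.example"
  BASE_POLICY = { default_src: ["'self'"], img_src: ["'self'"] }.freeze

  # Returns the directives a browser would see after the unsafe override.
  def self.injected_view
    header = serialize(override_directives_unsafe(BASE_POLICY, { img_src: [ATTACKER_VALUE] }))
    parse(header)
  end
end

if __FILE__ == $0
  puts CspDemo.serialize(CspDemo.override_directives_unsafe(CspDemo::BASE_POLICY, { img_src: [CspDemo::ATTACKER_VALUE] }))
  p CspDemo.injected_view
  begin
    CspDemo.override_directives_safe(CspDemo::BASE_POLICY, { img_src: [CspDemo::ATTACKER_VALUE] })
  rescue CspDemo::DirectiveInjection => e
    puts "rejected: #{e.message}"
  end
end
```

Running it shows that the "img-src" override alone turns a policy with no script-src into one that permits 'unsafe-inline' scripts from an attacker host, while the hardened override refuses the value before it reaches the header.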
github.com/advisories/GHSA-xq52-rv6w-397c
github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
github.com/twitter/secure_headers/issues/418
github.com/twitter/secure_headers/pull/421
github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c