CVE-2025-55164

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/helmetjs/content-security-policy-parser/commit/b13a52554f0168af393e3e38ed4a94e9e6aea9dc", "name": "https://github.com/helmetjs/content-security-policy-parser/commit/b13a52554f0168af393e3e38ed4a94e9e6aea9dc", "tags": [], "refsource": ""}, {"url": "https://github.com/helmetjs/content-security-policy-parser/issues/11", "name": "https://github.com/helmetjs/content-security-policy-parser/issues/11", "tags": [], "refsource": ""}, {"url": "https://github.com/helmetjs/content-security-policy-parser/security/advisories/GHSA-w2cq-g8g3-gm83", "name": "https://github.com/helmetjs/content-security-policy-parser/security/advisories/GHSA-w2cq-g8g3-gm83", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling prototype method in NodeJS, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-1321"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-55164", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-08-12T16:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-12T16:15Z"}