Stored XSS attack: Link preview in channel messages

There is a vulnerability that exists on the “hyperlink card” (preview of the link posted into a channel) when you send a link to someone’s else in a conversation.

An attacker can manipulate the value of the “og:url” meta tag with a JavaScript payload, e.g. javascript:alert(), which result in the XSS being clicklable on victim’s side.

A PoC can be found in the Reproduction Steps section

Is there any way how put in place Content Security Policy and/or to set Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in without this vulnerability?.

[UIKit Version]
@sendbird/chat: 4.10.4
@sendbird/uikit-react: 3.9.0

[Reproduction Steps]

All the time

[Current impact]
It has been report a high severity potential Stored XSS attack by a security advisor.

We released the fix in v3.9.3