Lucene search

[email protected]CVE-2020-5216

HistoryJan 23, 2020 - 3:15 a.m.

CVE-2020-5216

2020-01-2303:15:00

CWE-74

[email protected]

web.nvd.nist.gov

103

cve-2020-5216

secure headers

rubygem

directive injection

vulnerability

security update

header injection

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

37.6%

JSON

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.

CPENameOperatorVersion
twitter:secure_headerstwitter secure headerslt3.9.0
twitter:secure_headerstwitter secure headerslt5.2.0
twitter:secure_headerstwitter secure headerslt6.3.0

CPE	Name	Operator	Version
twitter:secure_headers	twitter secure headers	lt	3.9.0
twitter:secure_headers	twitter secure headers	lt	5.2.0
twitter:secure_headers	twitter secure headers	lt	6.3.0