34 matches found

Prion
added 2020/01/23 3:15 a.m., 10 views

Code injection

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be us...

CVSS 5, AI score 6, EPSS 0.01814
Exploits 1, References 4, Affected Software 1
UbuntuCve
added 2020/01/23 3:15 a.m., 14 views

CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be us...

CVSS 5.8, AI score 6.9, EPSS 0.01814
Exploits 1, References 5
Prion
added 2020/01/23 3:15 a.m., 12 views

Design/Logic Flaw

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a...

CVSS 5, AI score 6, EPSS 0.01079
Exploits 1, References 2, Affected Software 1
OSV
added 2020/01/23 3:15 a.m., 1 view

UBUNTU-CVE-2020-5216

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a...

CVSS 5.8, AI score 7.2, EPSS 0.01079
Exploits 1, References 4
OSV
added 2020/01/23 3:15 a.m., 1 view

UBUNTU-CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be us...

CVSS 5.8, AI score 6.9, EPSS 0.01814
Exploits 1, References 6
CVE
added 2020/01/23 2:30 a.m., 145 views

CVE-2020-5216

The CVE-2020-5216 issue affects the RubyGem Secure Headers library. Affected versions before 3.9.0, 5.2.0, and 6.3.0 contain a directive injection flaw: if user-supplied input is passed into append/override_content_security_policy_directives, a newline can be injected, causing Rails to silently c...

CVSS 5.8, AI score 5.5, EPSS 0.01079
Exploits 1, References 2, Affected Software 1
Debian CVE
added 2020/01/23 2:30 a.m., 15 views

CVE-2020-5216

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a...

CVSS 5.8, AI score 7.2, EPSS 0.01079
Exploits 1
OSV
added 2020/01/23 2:28 a.m., 23 views

GHSA-XQ52-RV6W-397C Directive injection when using dynamic overrides with user input

Impact: If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in...

CVSS 4.4, AI score 5.6, EPSS 0.01814
Exploits 1, References 7
Github Security Blog
added 2020/01/23 2:28 a.m., 72 views

Directive injection when using dynamic overrides with user input

Impact: If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in...

CVSS 5.8, AI score 0.4, EPSS 0.01814
Exploits 1, References 7, Affected Software 1
CVE
added 2020/01/23 2:15 a.m., 133 views

CVE-2020-5217

CVE-2020-5217 affects the Ruby gem Secure Headers. The vulnerability is a directive injection in versions before 3.8.0, 5.1.0, and 6.2.0 when user-supplied input is passed to append/override_content_security_policy_directives, allowing semicolons to be injected and potentially override directives...

CVSS 5.8, AI score 5.4, EPSS 0.01814
Exploits 1, References 4, Affected Software 1
Debian CVE
added 2020/01/23 2:15 a.m., 18 views

CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be us...

CVSS 5.8, AI score 7.1, EPSS 0.01814
Exploits 1
Veracode
added 2018/09/03 5:35 a.m., 17 views

Cross-site Scripting (XSS)

github.com/portainer/portainer is vulnerable to cross-site scripting (XSS) attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary JavaScript through the Team Name field...

CVSS 5.4, AI score 5.5, EPSS 0.00794
Exploits 0, References 1, Affected Software 1
Veracode
added 2017/07/10 1:11 p.m., 20 views

Missing Secure Headers

openmeetings-db is vulnerable to missing secure headers. The library does not use secure HTTP headers, allowing a malicious user to conduct various attacks such as clickjacking...

CVSS 8.8, AI score 6.6, EPSS 0.00804
Exploits 0, References 1, Affected Software 1
Nmap
added 2017/06/06 1:36 a.m., 1731 views

http-security-headers NSE Script

Checks for the HTTP response headers related to security given in the OWASP Secure Headers Project and gives a brief description of each header and its configured value. The script requests the headers from the server with http.head and parses the response to list the headers found with their configurations. The...

CVSS 10, AI score 9.2, EPSS 0.99448
Exploits 33