3 matches found
CVE-2020-5216
The CVE-2020-5216 issue affects the RubyGem Secure Headers library. Affected versions before 3.9.0, 5.2.0, and 6.3.0 contain a directive injection flaw: if user-supplied input is passed into append/override_content_security_policy_directives, a newline can be injected, causing Rails to silently c...
CVE-2020-5216 Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a newline could be injected leading to limited header injection. Upon seeing a...
CVE-2020-5216
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a newline could be injected leading to limited header injection. Upon seeing a...