2 matches found
CVE-2020-5217 Directive injection when using dynamic overrides with user input in RubyGems secure_headers
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...
CVE-2020-5217
CVE-2020-5217 affects the Ruby gem Secure Headers. The vulnerability is a directive injection in versions before 3.8.0, 5.1.0, and 6.2.0 when user-supplied input is passed to append/override_content_security_policy_directives, allowing semicolons to be injected and potentially override directives...