4 matches found
EUVD-2020-0283
Malware in sbrugna...
EUVD-2020-0281
Malware in sbrugna...
CVE-2020-5217
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...
CVE-2020-5216 Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a newline could be injected leading to limited header injection. Upon seeing a...