2 matches found
CVE-2020-5216
CVE-2020-5216 affects the RubyGem Secure Headers library. Versions before 3.9.0, 5.2.0, and 6.3.0 contain a directive injection flaw: if user-supplied input is passed into append/override_content_security_policy_directives, a newline can be injected, causing Rails to silently c...
CVE-2020-5217
CVE-2020-5217 affects the Ruby gem Secure Headers. The vulnerability is a directive injection in versions before 3.8.0, 5.1.0, and 6.2.0 when user-supplied input is passed to append/override_content_security_policy_directives, allowing semicolons to be injected and potentially override directives...