Published: 23/01/2020 Updated: 18/02/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.8 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions prior to 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
twitter secure headers

Synopsis Important: Satellite 68 release Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 68 for RHEL 7Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score,which giv ...

Debian Bug report logs - #949998 ruby-secure-headers: CVE-2020-5216 Package: src:ruby-secure-headers; Maintainer for src:ruby-secure-headers is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Jan 2020 07:48:01 UTC ...

CWE-74 https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 https://access.redhat.com/errata/RHSA-2020:4366 https://nvd.nist.gov

CVE-2020-5216

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect