VYPR

RubyGems package

secure_headers

pkg:gem/secure_headers

Vulnerabilities (2)

  • CVE-2020-5216 (Jan 23, 2020)
    affected >= 6.0.0, < 6.3.0; fixed 6.3.0

    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header

  • CVE-2020-5217 (Jan 23, 2020)
    affected >= 6.0.0, < 6.2.0; fixed 6.2.0

    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive inj