RubyGems package
secure_headers
pkg:gem/secure_headers
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-5216 | — | | | >= 6.0.0, < 6.3.0 | 6.3.0 | Jan 23, 2020 | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header |
| CVE-2020-5217 | — | | | >= 6.0.0, < 6.2.0 | 6.2.0 | Jan 23, 2020 | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive inj |