CVE-2020-5216

Name: CVE-2020-5216
Description: In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input is passed into append_content_security_policy_directives or override_content_security_policy_directives, a newline can be injected, leading to limited header injection. Upon seeing a newline in the header value, Rails silently creates a new Content-Security-Policy header with the remaining value of the original string, and continues to create a new header for each further newline. Because every injected line is emitted under the Content-Security-Policy name rather than as an arbitrary header, the injection is limited. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 949998
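The following is an added illustration of the mechanism described above; it is not code from secure_headers, Rails or Rack. It models a naive directive builder, the newline split that turns one header value into several same-named headers, and a hardened append step that refuses CR/LF before the value is merged. The helper names build_csp_value, split_header_on_newlines and safe_append_directives, the DirectiveInjectionError class and the sample input are assumptions made for this example; only append_content_security_policy_directives/override_content_security_policy_directives are real secure_headers methods, and they are not called here.

```ruby
# Added example (not secure_headers' own code). All helper names are hypothetical.

# Constructed attacker input: a "source" that smuggles a newline followed by
# a second directive list.
MALICIOUS_SOURCE = "https://cdn.example.com\ndefault-src *".freeze

# Naive builder: joins directive => sources into one header value without
# inspecting the sources. This is the pre-fix shape of the problem.
def build_csp_value(directives)
  directives.map { |name, sources| "#{name} #{sources.join(' ')}" }.join("; ")
end

# Models the server-side split the advisory describes: a header value that
# contains "\n" is emitted as several headers with the same name, one per line.
def split_header_on_newlines(name, value)
  value.split("\n").map { |line| [name, line] }
end

class DirectiveInjectionError < StandardError; end

# Hardened append: validate every incoming source for CR or LF before any of
# them is merged, so a newline can never reach the header value. A check of
# this kind is what the fix adds; the exact implementation is an assumption.
def safe_append_directives(policy, additions)
  additions.each do |name, sources|
    sources.each do |source|
      if source.match?(/[\r\n]/)
        raise DirectiveInjectionError, "newline in #{name} source #{source.inspect}"
      end
    end
  end
  additions.each_with_object(policy.dup) do |(name, sources), merged|
    merged[name] = (merged[name] || []) + sources
  end
end

if __FILE__ == $PROGRAM_NAME
  # Vulnerable path: the injected line becomes a second Content-Security-Policy header.
  policy = { "default-src" => ["'self'"], "script-src" => ["'self'", MALICIOUS_SOURCE] }
  split_header_on_newlines("Content-Security-Policy", build_csp_value(policy)).each do |k, v|
    puts "#{k}: #{v}"
  end

  # Hardened path: the same input is rejected before it can be merged.
  begin
    safe_append_directives({ "script-src" => ["'self'"] }, { "script-src" => [MALICIOUS_SOURCE] })
  rescue DirectiveInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```

Validating all additions before merging any of them keeps a rejected request from leaving a half-applied policy behind; checking for "\r" as well as "\n" covers CRLF-style payloads that a bare newline check would miss.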

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package             Release             Version   Status
ruby-secure-headers (PTS)  buster              6.0.0-1   vulnerable
                           bookworm, bullseye  6.3.2-1   fixed
                           sid, trixie         6.3.2-2   fixed

The information below is based on the following data on fixed versions.

Package              Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
ruby-secure-headers  source  (unstable)  6.3.1-1                         949998

Notes

[buster] - ruby-secure-headers <no-dsa> (Minor issue)
https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
