Candidate: CVE-2020-5216
PublicDate: 2020-01-23 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5216
 https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
 https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
Description:
 In Secure Headers (RubyGem secure_headers), a directive injection
 vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If
 user-supplied input was passed into
 append/override_content_security_policy_directives, a newline could be
 injected leading to limited header injection. Upon seeing a newline in the
 header, rails will silently create a new Content-Security-Policy header
 with the remaining value of the original string. It will continue to create
 new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and
 3.9.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949998
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N [5.8 MEDIUM]


Patches_ruby-secure-headers:
upstream_ruby-secure-headers: needed
precise/esm_ruby-secure-headers: DNE
trusty_ruby-secure-headers: ignored (out of standard support)
trusty/esm_ruby-secure-headers: DNE
xenial_ruby-secure-headers: DNE
bionic_ruby-secure-headers: needed
eoan_ruby-secure-headers: ignored (reached end-of-life)
focal_ruby-secure-headers: needed
groovy_ruby-secure-headers: not-affected (6.3.1-1)
hirsute_ruby-secure-headers: not-affected (6.3.1-1)
impish_ruby-secure-headers: not-affected (6.3.1-1)
jammy_ruby-secure-headers: not-affected (6.3.1-1)
devel_ruby-secure-headers: not-affected (6.3.1-1)