Lucene search
Redhat.comRH:CVE-2020-5217HistoryFeb 10, 2020 - 2:44 p.m.
CVE-2020-5217
2020-02-1014:44:34
redhat.com
access.redhat.com
27
EPSS
0.001
Percentile
50.8%
A flaw was found in rubygem-secure_headers in versions prior to 6.2.0, 5.1.0, and 3.8.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection which could be used to override a script-src directive. The highest threat from this vulnerability is to data integrity.
Related
rubygems
rubygems
secure_headers directive injection using semicolon
2020-01-22 21:00:00
github
github
Directive injection when using dynamic overrides with user input
2020-01-23 02:28:11
ubuntucve
ubuntucve
CVE-2020-5217
2020-01-23 00:00:00
prion
prion
Code injection
2020-01-23 03:15:00
nvd
nvd
CVE-2020-5217
2020-01-23 03:15:10
osv
osv
Directive injection when using dynamic overrides with user input
2020-01-23 02:28:11
CVE-2020-5217
2020-01-23 03:15:10
debiancve
debiancve
CVE-2020-5217
2020-01-23 03:15:10
cve
cve
CVE-2020-5217
2020-01-23 03:15:10
veracode
veracode
Authorization Bypass
2020-01-23 06:12:27
cvelist
cvelist
redhat
redhat
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25
nessus
nessus
RHEL 7 : Satellite 6.8 (Important) (RHSA-2020:4366)
2020-11-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34