PT-2020-18312 · Rails · Secure Headers

Oreoshake · Published 2020-01-23 · Updated 2020-02-18 · CVE-2020-5216

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Secure Headers versions prior to 3.9.0
Secure Headers versions prior to 5.2.0
Secure Headers versions prior to 6.3.0

Description
A directive injection vulnerability is present in Secure Headers. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected, leading to limited header injection. Upon seeing a newline in the header, Rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This allows malicious values to be injected, potentially leading to security issues.

Recommendations
For versions prior to 3.9.0, update to version 3.9.0 or later. For versions prior to 5.2.0, update to version 5.2.0 or later. For versions prior to 6.3.0, update to version 6.3.0 or later. As a temporary workaround, consider using the following code to prevent newline injection:

override_content_security_policy_directives(:frame_src, [user_input.gsub("\n", " ")])
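
The workaround above, shown as an added example (not code from Secure Headers or from this advisory): it compares how many Content-Security-Policy headers result from a directive value with and without the newline replaced. All helper names are hypothetical, the sample input is constructed, and emitted_csp_headers is a simplified model of the header splitting described in the description.

```ruby
# Added example: helper names below are hypothetical, not secure_headers APIs.

# "\n" is the character named in the advisory; "\r" is included as an
# extra precaution (assumption, not stated on the page).
LINE_BREAKS = /[\r\n]/

# The advisory's workaround: replace line breaks with a space.
def sanitize_csp_source(value)
  value.to_s.gsub(LINE_BREAKS, " ").strip
end

# Stricter alternative: reject the value instead of rewriting it.
def validate_csp_source!(value)
  raise ArgumentError, "line break in CSP source value" if value.to_s.match?(LINE_BREAKS)
  value
end

# Joins one directive name with its sources, e.g. "frame-src https://a.example".
def build_directive(name, sources)
  "#{name} #{sources.join(' ')}"
end

# Simplified model of the behaviour described above: every newline in the
# value starts another Content-Security-Policy header.
def emitted_csp_headers(header_value)
  header_value.split("\n").map(&:strip).reject(&:empty?)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input containing an embedded newline.
  user_input = "https://frames.example\nscript-src https://other.example"
  raw   = build_directive("frame-src", [user_input])
  clean = build_directive("frame-src", [sanitize_csp_source(user_input)])
  puts "unsanitized: #{emitted_csp_headers(raw).length} header(s)"
  puts "sanitized:   #{emitted_csp_headers(clean).length} header(s)"
end
```

After sanitizing, the trailing text stays inside the single frame-src directive as an ordinary source token instead of becoming a header of its own.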

Exploit

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2020-5216
GHSA-W978-RMPF-QMWG
RHSA-2020:4366

Affected Products

Secure Headers