In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| secure_headers(RubyGems) | 6.0.0 | 6.3.0 | N/A |
| secure_headers(RubyGems) | 5.0.0 | 5.2.0 | N/A |
| secure_headers(RubyGems) | 0 | 3.9.0 | N/A |
CVSS Metrics
