In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:NTwitter Secure Headers
APPTwitter< 3.9.05.0.0 – 5.2.0 (bez)6.0.0 – 6.3.0 (bez)
Powiązane podatności
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before ...
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction ...
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate...
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in so...
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0...