In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:NTwitter Secure Headers
APPTwitter< 3.9.05.0.0 – 5.2.0 (bez)6.0.0 – 6.3.0 (bez)
Related vulnerabilities
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before ...
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction ...
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate...
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in so...
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0...