How severe is CVE-2020-5216?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2020-5216?

This is classified as CWE-113, which is a common weakness in software security.

CVE-2020-5216

MEDIUM Year: 2020

CVSS v3 Score

5.8

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-113

View all →

Vulnerability Description

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.

CVE-2016-5325

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject ...

CWE-1132016

CVE-2016-5699

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP ...

CWE-1132016

CVE-2016-6839

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CWE-1132016

CVE-2017-12308

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of th...

CWE-1132017

CVE-2017-1262

MEDIUM

CVSS:6.1(Medium)

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respon...

CWE-1132017

CVE-2017-7443

MEDIUM

CVSS:6.1(Medium)

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

CWE-1132017

CVE-2020-5216

Vulnerability Description

Related Vulnerabilities

CVE-2016-5325

CVE-2016-5699

CVE-2016-6839

CVE-2017-12308

CVE-2017-1262

CVE-2017-7443