Add CVE-2020-5217/ruby-secure-headers

author: Salvatore Bonaccorso <carnil@debian.org> 2020-01-25 21:53:28 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-01-25 21:53:28 +0100
commit: 79d807db8c77a4abc2560d74e08cb3733c093570 (patch)
tree: fe47d6b8eb722f33eaf594934a2d3815ca96a17d /data/CVE/list
parent: 849d2c79fea53dba2f96694669526bd2f63d4b10 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 89a349d5ab..4baf17e043 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5900,7 +5900,11 @@ CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execut
 CVE-2020-5218
 	RESERVED
 CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
-	TODO: check
+	- ruby-secure-headers <unfixed>
+	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
+	NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
+	NOTE: https://github.com/twitter/secure_headers/issues/418
+	NOTE: https://github.com/twitter/secure_headers/pull/421
 CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
 	TODO: check
 CVE-2020-5215
author	Salvatore Bonaccorso <carnil@debian.org>	2020-01-25 21:53:28 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-01-25 21:53:28 +0100
commit	79d807db8c77a4abc2560d74e08cb3733c093570 (patch)
tree	fe47d6b8eb722f33eaf594934a2d3815ca96a17d /data/CVE/list
parent	849d2c79fea53dba2f96694669526bd2f63d4b10 (diff)