CVSS v3.1: 6.5 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: HIGH
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 (Low), percentile 39.2%
When a Symfony application is running behind a proxy or a load balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. Headers that are not part of the "trusted_headers" allow list are ignored, which protects you from cache poisoning attacks: a client must not be able to change how the application sees its own host, scheme, port or path prefix simply by sending a forged header.

In Symfony 5.2, we added support for the X-Forwarded-Prefix header, but this header was accessible in sub-requests even when it was not part of the "trusted_headers" allow list. An attacker could leverage this to forge requests containing an X-Forwarded-Prefix HTTP header, leading to a web cache poisoning issue: the forged prefix ends up in URLs generated while rendering a sub-request, and a shared cache then serves that rendered output to other clients.

Symfony now ensures that the X-Forwarded-Prefix HTTP header is not forwarded to sub-requests when it is not trusted.

The patch for this issue is available here for branch 5.3.

We would like to thank Soner Sayakci for reporting the issue and Jérémy Derussé for fixing the issue.
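The following is an added model of the trusted-header rule the advisory describes; it is not Symfony's code, and the class, function and constant names, the bit values, the deployment (a single trusted load balancer at 10.0.0.1, X-Forwarded-Prefix not in the allow list) and the forged prefix value are all constructed for the example. It shows the main request correctly ignoring an untrusted X-Forwarded-Prefix, the pre-fix sub-request inheriting it into a context where every X-Forwarded-* header is trusted, the resulting poisoned link being served from a shared cache to the next client, and the patched behaviour that drops the header before the sub-request is created.

```python
"""Model of the trusted-header rule behind CVE-2021-41267 (not Symfony's code).

X-Forwarded-* headers are honoured only when the request arrived from a trusted
proxy AND the header is in the trusted set, and a sub-request must not inherit
a header the main request did not trust. Names, bit values and sample data are
constructed for this example.
"""
from dataclasses import dataclass

# Bit flags standing in for Request::HEADER_X_FORWARDED_* (values are assumptions).
HEADER_X_FORWARDED_FOR = 1 << 1
HEADER_X_FORWARDED_HOST = 1 << 2
HEADER_X_FORWARDED_PROTO = 1 << 3
HEADER_X_FORWARDED_PORT = 1 << 4
HEADER_X_FORWARDED_PREFIX = 1 << 5
HEADER_X_FORWARDED_ALL = (HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_HOST
                          | HEADER_X_FORWARDED_PROTO | HEADER_X_FORWARDED_PORT
                          | HEADER_X_FORWARDED_PREFIX)


@dataclass
class Request:
    path: str
    headers: dict            # header names lower-cased, as read from the wire
    remote_addr: str         # REMOTE_ADDR: the peer that connected to the app
    trusted_proxies: tuple   # the "trusted_proxies" setting
    trusted_header_set: int  # the "trusted_headers" allow list as a bit set

    def is_from_trusted_proxy(self) -> bool:
        return self.remote_addr in self.trusted_proxies

    def trusted_value(self, flag: int, name: str):
        """Return the header only if it is allow-listed and came via a trusted proxy."""
        if self.is_from_trusted_proxy() and self.trusted_header_set & flag:
            return self.headers.get(name)
        return None

    def client_ip(self) -> str:
        xff = self.trusted_value(HEADER_X_FORWARDED_FOR, "x-forwarded-for")
        return xff.split(",")[0].strip() if xff else self.remote_addr

    def base_url(self) -> str:
        """Like getBaseUrl(): the proxy prefix is prepended only when trusted."""
        prefix = self.trusted_value(HEADER_X_FORWARDED_PREFIX, "x-forwarded-prefix") or ""
        return prefix.rstrip("/")


def create_sub_request(parent: Request, path: str, *, patched: bool) -> Request:
    """Simplified model of a cache/ESI layer issuing an internal sub-request.

    The kernel becomes the proxy in front of itself: REMOTE_ADDR turns into
    loopback, loopback is trusted, and the sub-request trusts every X-Forwarded-*
    header because the kernel normally rewrote them from values it had already
    validated. Copying the parent's raw X-Forwarded-Prefix into that trusted
    context is the bug; the patched branch drops it unless the parent trusted it.
    """
    headers = dict(parent.headers)
    headers["x-forwarded-for"] = parent.client_ip()   # rewritten from the validated IP
    if patched and not parent.trusted_header_set & HEADER_X_FORWARDED_PREFIX:
        headers.pop("x-forwarded-prefix", None)
    return Request(path, headers, remote_addr="127.0.0.1",
                   trusted_proxies=parent.trusted_proxies + ("127.0.0.1",),
                   trusted_header_set=HEADER_X_FORWARDED_ALL)


def render_login_link(request: Request) -> str:
    """A fragment that builds a link from the base URL, as URL generators do."""
    return f'<a href="{request.base_url()}/login">Log in</a>'


def handle(request: Request, cache: dict, *, patched: bool) -> str:
    """Shared cache keyed on the path alone: the page is meant to be identical
    for every client, so a poisoned entry is served to whoever asks next."""
    if request.path not in cache:
        sub = create_sub_request(request, "/_fragment/login_link", patched=patched)
        cache[request.path] = render_login_link(sub)
    return cache[request.path]


# Constructed deployment: the app trusts only load balancer 10.0.0.1 and has not
# opted in to X-Forwarded-Prefix, which is the usual 5.2-era configuration.
TRUSTED_PROXIES = ("10.0.0.1",)
TRUSTED_SET = (HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_HOST
               | HEADER_X_FORWARDED_PROTO | HEADER_X_FORWARDED_PORT)


def poisoning_run(*, patched: bool) -> tuple:
    """Attacker request first, victim request second; returns both rendered bodies."""
    cache = {}
    # Forged prefix (constructed value) passed through unchanged by the load balancer.
    attacker = Request("/", {"x-forwarded-for": "203.0.113.9",
                             "x-forwarded-prefix": "//attacker.example"},
                       "10.0.0.1", TRUSTED_PROXIES, TRUSTED_SET)
    victim = Request("/", {"x-forwarded-for": "198.51.100.7"},
                     "10.0.0.1", TRUSTED_PROXIES, TRUSTED_SET)
    return handle(attacker, cache, patched=patched), handle(victim, cache, patched=patched)


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", poisoning_run(patched=patched))
```

Note that the main request's base_url() is empty in both runs: the allow list is enforced correctly there. The defect is purely one of inheritance, which is why the fix strips the header at the sub-request boundary instead of changing how trust is evaluated.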
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
github.com/symfony/symfony/pull/44243
github.com/symfony/symfony/releases/tag/v5.3.12
github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
nvd.nist.gov/vuln/detail/CVE-2021-41267
symfony.com/cve-2021-41267