Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2020/04/01 12:0 a.m.30 views

Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities

Symfony is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

8.1CVSS6.2AI score0.01297EPSS
Exploits0References2
NVD
NVD
added 2020/03/30 8:15 p.m.28 views

CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the...

4.3CVSS4.2AI score0.01297EPSS
Exploits0References4
CVE
CVE
added 2020/03/30 7:30 p.m.121 views

CVE-2020-5255

Symfony's CVE-2020-5255 affects pre-4.4.7 and pre-5.0.7 releases where a Response without a Content-Type may fall back to the Accept header, causing a mismatch between content and Content-Type. The issue can impact cached responses, potentially making sites unusable for other users. The vulnerabi...

4.3CVSS4.5AI score0.01297EPSS
Exploits0References4Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/03/30 2:0 p.m.22 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/03/30 2:0 p.m.20 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Symfony
Symfony
added 2020/03/30 12:0 a.m.36 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

Affected versions Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony HttpFoundation component are affected by this security issue. The issue has been fixed in Symfony 4.4.7 and 5.0.7. Description When a Response does not contain a Content-Type header, Symfony falls back to the form...

4.3CVSS4.4AI score0.01297EPSS
Exploits0
Rows per page
Query Builder