6 matches found
Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities
Symfony is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...
CVE-2020-5255
In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the...
CVE-2020-5255
Symfony's CVE-2020-5255 affects pre-4.4.7 and pre-5.0.7 releases where a Response without a Content-Type may fall back to the Accept header, causing a mismatch between content and Content-Type. The issue can impact cached responses, potentially making sites unusable for other users. The vulnerabi...
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
More info at https://symfony.com/cve-2020-5255...
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
More info at https://symfony.com/cve-2020-5255...
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
Affected versions Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony HttpFoundation component are affected by this security issue. The issue has been fixed in Symfony 4.4.7 and 5.0.7. Description When a Response does not contain a Content-Type header, Symfony falls back to the form...