3 matches found
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trustedheaders" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
CVE-2021-41267
CVE-2021-41267 affects Symfony/Http-Kernel. In Symfony 5.2, the X-Forwarded-Prefix header could be used in subrequests because it wasn’t in the trusted_headers allowlist, enabling potential web cache poisoning. A patch was released for Symfony 5.3.12+ to prevent forwarding of untrusted X-Forwarde...
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
More info at https://symfony.com/cve-2021-41267...