CVSS2: 4.3 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.5 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: HIGH
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score: 6.1 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 39.3%)
When a Symfony application runs behind a proxy or a load balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. Only headers listed in the "trusted_headers" allow list are honoured, and only when the request comes from a trusted proxy; every other X-Forwarded-* header is ignored, which protects you from cache poisoning attacks.

In Symfony 5.2, we added support for the X-Forwarded-Prefix header, whose value is prepended to the base URL that generated URLs are built on. This header was accessible in sub-requests (the requests Symfony creates internally for fragment rendering and forwarding) even when it was not part of the "trusted_headers" allow list. An attacker could leverage this to forge requests containing an X-Forwarded-Prefix HTTP header, leading to a web cache poisoning issue: a cache in front of the application could store a page whose URLs were generated from the attacker's prefix.

Symfony now ensures that the X-Forwarded-Prefix HTTP header is not forwarded to sub-requests when it is not trusted.
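The following is an added illustration of the rule the advisory describes; it is not code from the advisory or from Symfony itself. It uses the public API of symfony/http-foundation (5.2 or later, installed via Composer; the autoload path is assumed) to show that a forged X-Forwarded-Prefix only reaches getBaseUrl() when both conditions hold: the request arrives from a trusted proxy and x-forwarded-prefix is in the trusted header set. The createSubRequest() helper is a hypothetical stand-in for Symfony's own sub-request construction and strips every X-Forwarded-* header the main request was not allowed to trust, so an untrusted prefix cannot resurface in the sub-request. The IP addresses, URIs and header values are constructed for the demonstration.

```php
<?php
// Added illustration, not code from the Symfony advisory or the Symfony code base.
// Assumes symfony/http-foundation >= 5.2 is installed via Composer.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

// Build a request as it arrives from a client that forges X-Forwarded-Prefix.
// $remoteAddr is the TCP peer PHP sees: the proxy, or the client itself when
// no proxy is in front of the application. (Constructed sample input.)
function incomingRequest(string $remoteAddr): Request
{
    return Request::create('/products', 'GET', [], [], [], [
        'REMOTE_ADDR' => $remoteAddr,
        'HTTP_X_FORWARDED_PREFIX' => '/attacker-controlled',
    ]);
}

// Hypothetical sub-request builder (not Symfony's InlineFragmentRenderer).
// A sub-request may only carry the X-Forwarded-* headers the main request
// was allowed to trust; everything else is removed before it is built.
function createSubRequest(Request $parent, string $uri): Request
{
    $server  = $parent->server->all();
    $trusted = Request::getTrustedHeaderSet();
    $forwarded = [
        'HTTP_X_FORWARDED_FOR'    => Request::HEADER_X_FORWARDED_FOR,
        'HTTP_X_FORWARDED_HOST'   => Request::HEADER_X_FORWARDED_HOST,
        'HTTP_X_FORWARDED_PROTO'  => Request::HEADER_X_FORWARDED_PROTO,
        'HTTP_X_FORWARDED_PORT'   => Request::HEADER_X_FORWARDED_PORT,
        'HTTP_X_FORWARDED_PREFIX' => Request::HEADER_X_FORWARDED_PREFIX,
    ];
    foreach ($forwarded as $serverKey => $bit) {
        // Drop the header unless the peer is a trusted proxy AND the header
        // is in the allow list; this is the check the advisory's fix enforces.
        if (!$parent->isFromTrustedProxy() || 0 === ($trusted & $bit)) {
            unset($server[$serverKey]);
        }
    }

    return Request::create($uri, 'GET', [], $parent->cookies->all(), [], $server);
}

function report(string $label, Request $main, Request $sub): void
{
    printf("%-12s main=%s sub=%s\n", $label,
        var_export($main->getBaseUrl(), true), var_export($sub->getBaseUrl(), true));
}

// Case 1: no proxy is trusted (the default). The forged prefix is ignored on
// the main request and must stay ignored on the sub-request.
Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX);
$main = incomingRequest('203.0.113.5');
report('untrusted', $main, createSubRequest($main, '/_fragment/menu'));

// Case 2: the request comes through a trusted proxy at 10.0.0.1, but
// x-forwarded-prefix is not in the allow list. Still ignored everywhere.
Request::setTrustedProxies(['10.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST);
$main = incomingRequest('10.0.0.1');
report('not-listed', $main, createSubRequest($main, '/_fragment/menu'));

// Case 3: trusted proxy AND x-forwarded-prefix in the allow list. Only now
// does the prefix feed getBaseUrl(), and therefore generated URLs. Trusting
// it is only safe when the proxy overwrites the header with its own value
// instead of passing through whatever the client sent.
Request::setTrustedProxies(['10.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX);
$main = incomingRequest('10.0.0.1');
report('trusted', $main, createSubRequest($main, '/_fragment/menu'));
```

The setTrustedProxies() calls correspond to the framework.trusted_proxies and framework.trusted_headers options of a full-stack application. The practical check after upgrading is the one case 3 spells out: put x-forwarded-prefix in trusted_headers only if the proxy in front of the application sets that header itself and discards any value supplied by the client.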
The patch for this issue is available here for branch 5.3.
We would like to thank Soner Sayakci for reporting the issue and Jérémy Derussé for fixing the issue.
Published in #Security Advisories