Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33094
HistoryNov 25, 2021 - 6:58 a.m.

HTTP Request Smuggling

2021-11-2506:58:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

0.001 Low

EPSS

Percentile

39.3%

symfony/http-kernel is vulnerable to HTTP request smuggling. The vulnerability exists in handle function of SubRequestHandler due to missing extra trusted header in sub-request which allows an attacker to forge requests containing a X-Forwarded-Prefix HTTP header, leading to a web cache poisoning issue.

0.001 Low

EPSS

Percentile

39.3%