CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 39.2%

symfony/http-kernel is vulnerable to HTTP request smuggling. The vulnerability exists in the handle function of SubRequestHandler due to a missing extra trusted header in sub-requests, which allows an attacker to forge requests containing an X-Forwarded-Prefix HTTP header, leading to a web cache poisoning issue.

github.com/shopware/core/commit/b4c2eab0e6547884fd543a598d164b1f49f4c96c
github.com/shopware/platform/commit/9062f15450d183f2c666664841efd4f5ef25e0f3
github.com/shopware/platform/security/advisories/GHSA-r64m-qchj-hrjp
github.com/symfony/http-kernel/commit/7e7cf0c029aa418c49e34df83644e04a1056e2ff
github.com/symfony/http-kernel/commit/c33400628b453d0c5b88f823e0302ed870d2269f
github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
github.com/symfony/symfony/commit/dcdd62c67657f23cf90bf9eadca75ad58ac91f41
github.com/symfony/symfony/pull/44243
github.com/symfony/symfony/releases/tag/v5.3.12
github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
symfony.com/blog/cve-2021-41267-webcache-poisoning-via-x-forwarded-prefix-and-sub-request