Description
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fall back to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.
Release | Status | Note |
---|---|---|
bionic | not-affected | code not present |
devel | not-affected | 4.4.8-1 |
eoan | ignored | end of life |
esm-apps/bionic | not-affected | code not present |
esm-apps/focal | not-affected | code not present |
esm-apps/jammy | not-affected | 4.4.8-1 |
esm-apps/xenial | not-affected | code not present |
esm-infra-legacy/trusty | DNE | |
focal | not-affected | code not present |
groovy | not-affected | 4.4.8-1 |
CVSS2: 4 Medium
CVSS3: 2.6 Low
Related vulnerabilities
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fall back to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...
Prevent cache poisoning via a Response Content-Type header in Symfony