Low severity · NVD Advisory · Published Mar 30, 2020 · Updated Aug 4, 2024

Prevent cache poisoning via a Response Content-Type header

CVE-2020-5255

Description

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and its Content-Type header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.
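To check recorded origin responses for the behaviour described above, the following added example (not code from Symfony or from the advisory) flags URLs whose Content-Type follows the request's Accept header on responses a shared cache may store. The record layout, URLs and function names are hypothetical, the first media type in Accept is treated as the preferred one, and exempting responses that send `Vary: Accept` reflects general HTTP caching behaviour rather than the Symfony patch.

```python
from collections import defaultdict

# Constructed sample data (not real traffic): origin responses recorded for
# the same URLs under different request Accept headers.
SAMPLE = [
    {"url": "/pricing", "accept": "text/html,application/xhtml+xml",
     "headers": {"Content-Type": "text/html; charset=UTF-8",
                 "Cache-Control": "public, s-maxage=600"}},
    {"url": "/pricing", "accept": "application/json",
     "headers": {"Content-Type": "application/json",
                 "Cache-Control": "public, s-maxage=600"}},
    {"url": "/api/items", "accept": "application/json",
     "headers": {"Content-Type": "application/json", "Vary": "Accept",
                 "Cache-Control": "public, max-age=60"}},
    {"url": "/api/items", "accept": "application/xml",
     "headers": {"Content-Type": "application/xml", "Vary": "Accept",
                 "Cache-Control": "public, max-age=60"}},
    {"url": "/account", "accept": "application/json",
     "headers": {"Content-Type": "text/html", "Cache-Control": "private"}},
]

def header(rec, name):
    """Case-insensitive header lookup; missing headers yield ''."""
    return next((v for k, v in rec["headers"].items() if k.lower() == name), "")

def media_type(value):
    """First media type in a header value, without parameters."""
    return value.split(",")[0].split(";")[0].strip().lower()

def tokens(value):
    """Directive or field names of a comma-separated header, lowercased."""
    return {t.split("=")[0].strip().lower() for t in value.split(",")}

def shared_cache_exposed(rec):
    """Storable by a shared cache under a key that ignores Accept."""
    cc, vary = tokens(header(rec, "cache-control")), tokens(header(rec, "vary"))
    storable = bool(cc & {"public", "s-maxage", "max-age"}) and not cc & {"private", "no-store"}
    return storable and not vary & {"accept", "*"}

def find_accept_driven_types(records):
    """URLs whose Content-Type tracks Accept on shared-cacheable responses."""
    by_url = defaultdict(list)
    for rec in records:
        by_url[rec["url"]].append(rec)
    findings = []
    for url, group in sorted(by_url.items()):
        types = sorted({media_type(header(r, "content-type")) for r in group})
        tracks = all(media_type(header(r, "content-type")) == media_type(r["accept"]) for r in group)
        if len(types) > 1 and tracks and any(shared_cache_exposed(r) for r in group):
            findings.append((url, types))
    return findings
```

A URL that is flagged is a candidate for setting an explicit Content-Type on the Response and for upgrading to 4.4.7 or 5.0.7.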

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| symfony/http-foundation (Packagist) | >= 4.4.0, < 4.4.7 | 4.4.7 |
| symfony/http-foundation (Packagist) | >= 5.0.0, < 5.0.7 | 5.0.7 |
| symfony/symfony (Packagist) | >= 4.4.0, < 4.4.7 | 4.4.7 |
| symfony/symfony (Packagist) | >= 5.0.0, < 5.0.7 | 5.0.7 |
