LOW🇵🇱 Wersja polska

CVE-2020-5255

CVSS 2.6v3.1pub. 2020-03-30upd. 2024-11-21

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
  • Sensiolabs Symfony

    APP
    Sensiolabs
    4.4.0 – 4.4.7 (bez)5.0.0 – 5.0.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-18889CRITICAL9.8ten sam produkt

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serial...

CVE-2019-11325CRITICAL9.8ten sam produkt

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly e...

CVE-2017-11365CRITICAL9.8ten sam produkt

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2....

CVE-2019-10910CRITICAL9.8ten sam produkt

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, w...

CVE-2019-10913CRITICAL9.8ten sam produkt

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, H...