CVE-2020-5255

Summary

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

Affected Software

VendorProductVersion RangeStatus
symfonysymfony>= 4.4.0 and < 4.4.7affected
symfonysymfony>= 5.0.0 and < 5.0.7affected

Weaknesses

  • CWE-435: CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities

ADP Enrichment

CVE Program Container

Additional References

References