CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony HttpFoundation component are affected by this security issue.
The issue has been fixed in Symfony 4.4.7 and 5.0.7.
Response does not contain a
Content-Type header, Symfony falls back to the format defined in the
Accept header of the request, leading to a possible mismatch between the response's content and
Content-Type header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one.
Symfony does not use the
Accept header anymore to guess the
The patch for this issue is available here for the 4.4 branch.
I would like to thank Xavier Lacot from JoliCode for reporting & Yonel Ceruto and Tobias Schultze for fixing the issue.
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-headerTweet this
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.