CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony HttpFoundation component are affected by this security issue.
The issue has been fixed in Symfony 4.4.7 and 5.0.7.
Response does not contain a
Content-Type header, Symfony falls back to the format defined in the
Accept header of the request, leading to a possible mismatch between the response's content and
Content-Type header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one.
Symfony does not use the
Accept header anymore to guess the
The patch for this issue is available here for the 4.4 branch.
I would like to thank Xavier Lacot from JoliCode for reporting & Yonel Ceruto and Tobias Schultze for fixing the issue.
Have found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.