CVE-2020-5255

描述

Description ----------- When a `Response` does not contain a `Content-Type` header, Symfony falls back to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one. Resolution ---------- Symfony does not use the `Accept` header anymore to guess the `Content-Type`. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6) for the 4.4 branch. Credits ------- I would like to thank Xavier Lacot from JoliCode for reporting & Yonel Ceruto and Tobias Schultze for fixing the issue.

受影響套件(4)

• Bitnami/symfony>= 4.4.0, < 4.4.7, >= 5.0.0, < 5.0.7
• Debian/symfonyfrom 0, < 4.4.8-1
• Packagist/symfony/http-foundation>= 4.4.0, < 4.4.7
• Packagist/symfony/symfony>= 4.4.0, < 4.4.7

CVSS 分數

參考連結(10)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-5255
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-5255
• WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml
• WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml
• WEBhttps://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
• WEBhttps://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859
• WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ
• WEBhttps://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
• WEBhttps://symfony.com/cve-2020-5255