CVE-2020-5255

Source
https://cve.org/CVERecord?id=CVE-2020-5255
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5255.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5255
Published
2020-03-30T20:15:19.570Z
Modified
2026-03-13T22:00:43.973188Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and its Content-Type header. When the response is cached, this can prevent other users from using the website. This has been patched in versions 4.4.7 and 5.0.7.

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Database specific
{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.7"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.7"
        }
    ]
}

Affected versions

v3.*
v3.4.36
v3.4.37
v3.4.38
v3.4.39
v4.*
v4.3.10
v4.3.9
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5255.json"