CVE-2020-5255 - CERT CVE
ID CVE-2020-5255
Sažetak In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.
Reference
CVSS
Base: 4.0
Impact: 2.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE NONE PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:N/I:N/A:P
Zadnje važnije ažuriranje 07-11-2023 - 03:23
Objavljeno 30-03-2020 - 20:15