Symfony News: CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

Affected versions

Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony ErrorHandler component are affected by this security issue.

The issue has been fixed in Symfony 4.4.7 and 5.0.7.

Description

When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one.

Resolution

Symfony does not use the Accept header anymore to guess the Content-Type.

The patch for this issue is available here for the 4.4 branch.

Credits

I would like to thank Xavier Lacot from JoliCode for reporting & Yonel Ceruto and Tobias Schultze for fixing the issue.

Be trained by Symfony experts - 2020-03-30 Online Europe - 2020-04-6 Online Europe - 2020-04-6 Online Europe

Source: https://symfony.com/blog

About us

What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...

Welcome to Symfony News !
More About us
Contact us on contact[at]symfony-news.com

Resources

Symfony Blog

Find us on Twitter

Tweets by @symfony_news

Symfony News