CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.3%

CVSS Severity

CVSS v3 Score 2.6

CVSS v2 Score 4.0

References

Products affected by CVE-2020-5255

Sensiolabs » Symfony » Version: 4.4.0

cpe:2.3:a:sensiolabs:symfony:4.4.0
Sensiolabs » Symfony » Version: 4.4.1

cpe:2.3:a:sensiolabs:symfony:4.4.1
Sensiolabs » Symfony » Version: 4.4.2

cpe:2.3:a:sensiolabs:symfony:4.4.2
Sensiolabs » Symfony » Version: 4.4.3

cpe:2.3:a:sensiolabs:symfony:4.4.3
Sensiolabs » Symfony » Version: 4.4.4

cpe:2.3:a:sensiolabs:symfony:4.4.4
Sensiolabs » Symfony » Version: 4.4.5

cpe:2.3:a:sensiolabs:symfony:4.4.5
Sensiolabs » Symfony » Version: 4.4.6

cpe:2.3:a:sensiolabs:symfony:4.4.6
Sensiolabs » Symfony » Version: 5.0.0

cpe:2.3:a:sensiolabs:symfony:5.0.0
Sensiolabs » Symfony » Version: 5.0.1

cpe:2.3:a:sensiolabs:symfony:5.0.1
Sensiolabs » Symfony » Version: 5.0.2

cpe:2.3:a:sensiolabs:symfony:5.0.2
Sensiolabs » Symfony » Version: 5.0.3

cpe:2.3:a:sensiolabs:symfony:5.0.3
Sensiolabs » Symfony » Version: 5.0.4

cpe:2.3:a:sensiolabs:symfony:5.0.4
Sensiolabs » Symfony » Version: 5.0.5

cpe:2.3:a:sensiolabs:symfony:5.0.5
Sensiolabs » Symfony » Version: 5.0.6

cpe:2.3:a:sensiolabs:symfony:5.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5255

Products

Pricing

Contact Us