GitHub, Inc. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/ [No types assigned]

GitHub, Inc. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/ [No Types Assigned]

OR
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (excluding) 4.4.7
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 5.0.7

NIST (AV:N/AC:L/Au:S/C:N/I:N/A:P)

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

NIST CWE-20

https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 No Types Assigned

https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 Patch, Third Party Advisory

https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859 No Types Assigned

https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859 Third Party Advisory

https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header No Types Assigned

https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header Third Party Advisory

In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4.

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.

https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header [No Types Assigned]

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header,
affected versions of Symfony can fallback to the format defined in the `Accept` header of the request,
leading to a possible mismatch between the response's content and `Content-Type` header.
When the response is cached, this can prevent the use of the website by other users.

This has been patched in versions 4.4.7 and 5.0.7.

In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4.

In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4.

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header,
affected versions of Symfony can fallback to the format defined in the `Accept` header of the request,
leading to a possible mismatch between the response's content and `Content-Type` header.
When the response is cached, this can prevent the use of the website by other users.

This has been patched in versions 4.4.7 and 5.0.7.