CVE-2020-5255: Improper Input Validation
In Symfony, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response content and the Content-Type header. When the response is cached, this can prevent the use of the website by other users.
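
The mismatch described above, modelled in Python as an added example (not Symfony code and not part of the original advisory), next to the same page with an explicit Content-Type. The cache keyed on URL only, the function names, the format table and the sample page are assumptions made for the illustration.

```python
# Toy model, constructed for illustration; none of this is Symfony's API.
MIME = {"html": "text/html", "json": "application/json", "xml": "text/xml"}
BY_MIME = {mime: fmt for fmt, mime in MIME.items()}


def format_from_accept(accept):
    """Return the format of the first recognised media type in Accept."""
    for part in accept.split(","):
        media = part.split(";")[0].strip().lower()
        if media in BY_MIME:
            return BY_MIME[media]
    return "html"


def prepare(response, accept):
    """Fill in a missing Content-Type from the request's Accept header,
    which is the fallback the advisory describes for affected versions."""
    headers = dict(response["headers"])
    if "Content-Type" not in headers:
        headers["Content-Type"] = MIME[format_from_accept(accept)]
    return {"body": response["body"], "headers": headers}


class SharedCache:
    """Cache keyed on URL only (assumption: no variation on Accept)."""

    def __init__(self):
        self.store = {}

    def fetch(self, url, accept, controller):
        if url not in self.store:
            self.store[url] = prepare(controller(), accept)
        return self.store[url]


def page_without_type():
    # Controller that returns HTML but leaves Content-Type unset.
    return {"body": "<h1>Welcome</h1>", "headers": {}}


def page_with_type():
    # Same page with the Content-Type set explicitly by the application.
    return {"body": "<h1>Welcome</h1>", "headers": {"Content-Type": "text/html"}}


def served_type(controller, first_accept):
    """Content-Type a later browser gets once a first request is cached."""
    cache = SharedCache()
    cache.fetch("/", first_accept, controller)
    later = cache.fetch("/", "text/html", controller)
    return later["headers"]["Content-Type"]
```

In this model the HTML body is stored under whatever type the first request asked for, so every later visitor receives the mismatched header until the entry expires; a response that sets its own Content-Type never reaches the fallback.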