CVE-2020-5255: Improper Input Validation

March 30, 2020 (updated April 9, 2020)

In Symfony, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response content and Content-Type header. When the response is cached, this can prevent the use of the website by other users.

References

nvd.nist.gov/vuln/detail/CVE-2020-5255

Detect and mitigate CVE-2020-5255 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →