In Symfony versions before 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, Symfony can fall back to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and its `Content-Type` header. When the response is cached, this can prevent other users from using the website. This has been patched in versions 4.4.7 and 5.0.7.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| symfony/http-foundation (Packagist) | 4.4.0 | 4.4.7 | N/A |
| symfony/http-foundation (Packagist) | 5.0.0 | 5.0.7 | N/A |
| symfony/symfony (Packagist) | 4.4.0 | 4.4.7 | N/A |
| symfony/symfony (Packagist) | 5.0.0 | 5.0.7 | N/A |
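
To check a project against the ranges in the table above, the following added example (not part of the advisory or of Symfony) scans the `packages` and `packages-dev` sections of a `composer.lock` file. The function names and the sample lock contents are constructed for illustration, and pre-release suffixes are assumed to be ignorable.

```python
import json
import re

# Affected ranges from the advisory table: introduced (inclusive), fixed (exclusive).
AFFECTED = {
    "symfony/http-foundation": [((4, 4, 0), (4, 4, 7)), ((5, 0, 0), (5, 0, 7))],
    "symfony/symfony": [((4, 4, 0), (4, 4, 7)), ((5, 0, 0), (5, 0, 7))],
}

# Composer records Symfony releases as e.g. "v4.4.5"; a suffix such as "-RC1" is ignored.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(raw):
    """Return (major, minor, patch), or None for branch aliases like 'dev-master'."""
    m = _VERSION.match(raw)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(name, raw_version):
    """True if the package/version pair falls inside a range from the table."""
    version = parse_version(raw_version)
    if version is None:
        return False  # branch alias: cannot be placed in a range, review by hand
    return any(lo <= version < hi for lo, hi in AFFECTED.get(name, []))


def audit_lock(lock_text):
    """Return sorted (package, version) pairs from a composer.lock that are affected."""
    lock = json.loads(lock_text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if is_affected(pkg.get("name", ""), pkg.get("version", "")):
                hits.append((pkg["name"], pkg["version"]))
    return sorted(hits)


# Constructed sample lock file (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/http-foundation", "version": "v4.4.5"},
        {"name": "symfony/http-kernel", "version": "v4.4.5"},
        {"name": "symfony/symfony", "version": "v5.0.7"},
    ],
    "packages-dev": [{"name": "symfony/symfony", "version": "dev-master"}],
})

if __name__ == "__main__":
    for name, version in audit_lock(SAMPLE_LOCK):
        print(f"AFFECTED {name} {version}")
```

Versions that cannot be parsed, such as `dev-master`, are reported as not affected and need a manual check of the underlying commit.
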
CVSS Metrics