101 行
3.6 KiB
JSON
101 行
3.6 KiB
JSON
{
|
|
"canonical_id": "symfony--CVE-2021-41267",
|
|
"system_id": "symfony",
|
|
"display_name": "Symfony",
|
|
"category": "frameworks",
|
|
"advisory_mode": "core",
|
|
"title": "Webcache Poisoning in symfony/http-kernel",
|
|
"summary": "Description\n-----------\n\nWhen a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the `X-Forwarded-*` HTTP headers. HTTP headers that are not part of the \"trusted_headers\" allowed list are ignored and protect you from \"Cache poisoning\" attacks. \n\nIn Symfony 5.2, we've added support for the `X-Forwarded-Prefix` header, but this header was accessible in sub-requests, even if it was not part of the \"trusted_headers\" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` HTTP header, leading to a web cache poisoning issue.\n\nResolution\n----------\n\nSymfony now ensures that the `X-Forwarded-Prefix` HTTP header is not forwarded to sub-requests when it is not trusted.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487) for branch 5.3.\n\nCredits\n-------\n\nWe would like to thank Soner Sayakci for reporting the issue and J\u00e9r\u00e9my Deruss\u00e9 for fixing the issue.\n",
|
|
"published_at": "2021-11-24T20:04:25Z",
|
|
"updated_at": "2026-03-13T22:00:11.423907Z",
|
|
"severity": "low",
|
|
"cvss_score": 3.1,
|
|
"exploit_status": "unknown",
|
|
"source_confidence": "official",
|
|
"official_source_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q",
|
|
"secondary_source_urls": [
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2021-41267",
|
|
"https://github.com/symfony/symfony/pull/44243",
|
|
"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487",
|
|
"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml",
|
|
"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml",
|
|
"https://github.com/symfony/symfony/releases/tag/v5.3.12",
|
|
"https://symfony.com/cve-2021-41267"
|
|
],
|
|
"aliases": [
|
|
"BIT-symfony-2021-41267",
|
|
"CVE-2021-41267",
|
|
"GHSA-q3j3-w37x-hq2q"
|
|
],
|
|
"cve_ids": [
|
|
"CVE-2021-41267"
|
|
],
|
|
"ghsa_ids": [
|
|
"GHSA-q3j3-w37x-hq2q"
|
|
],
|
|
"osv_ids": [
|
|
"GHSA-q3j3-w37x-hq2q"
|
|
],
|
|
"affected_versions": [
|
|
"v5.2.0",
|
|
"v5.2.1",
|
|
"v5.2.10",
|
|
"v5.2.11",
|
|
"v5.2.12",
|
|
"v5.2.13",
|
|
"v5.2.14",
|
|
"v5.2.2",
|
|
"v5.2.3",
|
|
"v5.2.4",
|
|
"v5.2.5",
|
|
"v5.2.6",
|
|
"v5.2.7",
|
|
"v5.2.8",
|
|
"v5.2.9",
|
|
"v5.3.0",
|
|
"v5.3.0-BETA1",
|
|
"v5.3.0-BETA2",
|
|
"v5.3.0-BETA3",
|
|
"v5.3.0-BETA4",
|
|
"introduced=5.2.0, fixed<5.3.12"
|
|
],
|
|
"fixed_versions": [
|
|
"5.3.12"
|
|
],
|
|
"package_name": "symfony/symfony",
|
|
"render_markdown": true,
|
|
"case_path": "07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41267.md",
|
|
"secure_code_topics": [
|
|
"xss-output-encoding",
|
|
"authz-server-side-recheck",
|
|
"path-traversal-guard",
|
|
"proxy-trust-boundary"
|
|
],
|
|
"status": "generated",
|
|
"triage_reasons": [],
|
|
"verification_status": "triage-manual",
|
|
"verification_mode": "synthetic",
|
|
"last_verified_at": null,
|
|
"last_run_id": null,
|
|
"evidence_bundle": null,
|
|
"historical_status": null,
|
|
"latest_status": null,
|
|
"browser_evidence": {
|
|
"required": false,
|
|
"present": false,
|
|
"refs": []
|
|
},
|
|
"repro_profile_id": "xss-generic",
|
|
"artifact_mode": "synthetic",
|
|
"blocked_reason": null,
|
|
"metadata": {
|
|
"source_names": [
|
|
"OSV Symfony"
|
|
],
|
|
"source_kinds": [
|
|
"osv-batch"
|
|
],
|
|
"candidate_count": 2
|
|
}
|
|
}
|