CVE-2021-41267

Published: 24 November 2021

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.

Priority

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package	Release	Status
symfony Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needed
	kinetic	Ignored (end of life, was needed)
	lunar	Ignored (end of life, was needed)
	mantic	Needed
	trusty	Ignored (end of standard support)
	upstream	Not vulnerable (debian: Vulnerable code never in released version in unstable)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487

Severity score breakdown

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›