Symfony · Symfony · CVE-2020-5255
**Name of the Vulnerable Software and Affected Versions**
Symfony versions prior to 4.4.7
Symfony versions prior to 5.0.7
**Description**
When a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fall back to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and its `Content-Type` header. When the response is cached, this can prevent the use of the website by other users.
**Recommendations**
For Symfony versions prior to 4.4.7, update to version 4.4.7 or later.
For Symfony versions prior to 5.0.7, update to version 5.0.7 or later.
As a temporary workaround, consider disabling the use of the `Accept` header to guess the `Content-Type` until a patch is available.
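The mismatch from the description and the effect of the workaround can be reproduced in a small model. This is an added example, not Symfony code: the handler, the URL-keyed cache (assumed to ignore `Accept`), the fixed default type and all function names are hypothetical.

```python
"""Simplified model (not Symfony code) of the Content-Type fallback behind a shared cache."""

HTML_BODY = "<html><body>Welcome</body></html>"  # constructed sample page


def handler():
    # Application response that was built without a Content-Type header.
    return {"body": HTML_BODY, "headers": {}}


def prepare_affected(response, request):
    # Behaviour described in the advisory: guess the type from the Accept header.
    if "Content-Type" not in response["headers"]:
        accept = request.get("Accept")
        if accept:
            response["headers"]["Content-Type"] = accept.split(",")[0].strip()
    return response


def prepare_workaround(response, request, default="text/html; charset=UTF-8"):
    # Workaround: never consult Accept; use a fixed server-side default (assumed value).
    response["headers"].setdefault("Content-Type", default)
    return response


class SharedCache:
    """Cache keyed on the URL only (assumption: the cache does not vary on Accept)."""

    def __init__(self, prepare):
        self.prepare, self.store = prepare, {}

    def get(self, url, request):
        if url not in self.store:
            self.store[url] = self.prepare(handler(), request)
        return self.store[url]


def body_matches_type(response):
    # Consistency check: an HTML body must be labelled text/html, and nothing else may be.
    ctype = response["headers"].get("Content-Type", "")
    is_html = response["body"].lstrip().lower().startswith("<html")
    return is_html == ctype.startswith("text/html")


def second_visitor_ok(prepare):
    cache = SharedCache(prepare)
    cache.get("/", {"Accept": "application/json"})    # first request fills the cache
    served = cache.get("/", {"Accept": "text/html"})  # later browser request, served from cache
    return body_matches_type(served)


if __name__ == "__main__":
    print("affected behaviour:", second_visitor_ok(prepare_affected))
    print("with workaround   :", second_visitor_ok(prepare_workaround))
```

The same consistency check can be applied to cached responses in a staging environment to confirm that the `Content-Type` served no longer depends on the `Accept` header of the request that filled the cache.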