Overview
- Description
- symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information still leaks during host resolution, which can allow IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7, the `NoPrivateNetworkHttpClient` filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 3.1
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
Weaknesses
- security-advisories@github.com
- CWE-200
Social media
- Hype score
- Not currently trending
CVE-2024-50342 Internal Information Leak in Symfony's NoPrivateNetworkHttpClient Module symfony/http-client is a part of the Symfony PHP framework. It helps get HTTP resources. This can be done synchronously or ... https://t.co/QHhUYN45N5
@VulmonFeeds
7 Nov 2024
CVE-2024-50342 symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the… https://t.co/I3aLyOCv1K
@CVEnew
6 Nov 2024
🔐 CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient ➡️ https://t.co/XnpQyUniGz #symfony
@symfony
6 Nov 2024