Search criteria
4 vulnerabilities found for httpclient by sensiolabs
CVE-2024-50342 (GCVE-0-2024-50342)
Vulnerability from nvd – Published: 2024-11-06 21:03 – Updated: 2024-11-07 15:26
VLAI?
Title
Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
Summary
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:26:26.266702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:26:33.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "symfony",
"vendor": "symfony",
"versions": [
{
"status": "affected",
"version": "\u003c 5.4.46"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.14"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:03:12.331Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"
},
{
"name": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b"
}
],
"source": {
"advisory": "GHSA-9c3x-r3wp-mgxm",
"discovery": "UNKNOWN"
},
"title": "Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-50342",
"datePublished": "2024-11-06T21:03:12.331Z",
"dateReserved": "2024-10-22T17:54:40.955Z",
"dateUpdated": "2024-11-07T15:26:33.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15094 (GCVE-0-2020-15094)
Vulnerability from nvd – Published: 2020-09-02 17:35 – Updated: 2024-08-04 13:08
VLAI?
Title
RCE in Symfony
Summary
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
Severity ?
CWE
- CWE-212 - {"CWE-212":"Improper Removal of Sensitive Information Before Storage or Transfer"}
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "symfony",
"vendor": "symfony",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.4.0, \u003c 4.4.13"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T18:06:43",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
],
"source": {
"advisory": "GHSA-754h-5r27-7x3r",
"discovery": "UNKNOWN"
},
"title": "RCE in Symfony",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15094",
"STATE": "PUBLIC",
"TITLE": "RCE in Symfony"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "symfony",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.4.0, \u003c 4.4.13"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.1.5"
}
]
}
}
]
},
"vendor_name": "symfony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r",
"refsource": "CONFIRM",
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"name": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78",
"refsource": "MISC",
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"name": "https://packagist.org/packages/symfony/symfony",
"refsource": "MISC",
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"name": "https://packagist.org/packages/symfony/http-kernel",
"refsource": "MISC",
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
]
},
"source": {
"advisory": "GHSA-754h-5r27-7x3r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15094",
"datePublished": "2020-09-02T17:35:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50342 (GCVE-0-2024-50342)
Vulnerability from cvelistv5 – Published: 2024-11-06 21:03 – Updated: 2024-11-07 15:26
VLAI?
Title
Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
Summary
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:26:26.266702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:26:33.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "symfony",
"vendor": "symfony",
"versions": [
{
"status": "affected",
"version": "\u003c 5.4.46"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.14"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:03:12.331Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"
},
{
"name": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b"
}
],
"source": {
"advisory": "GHSA-9c3x-r3wp-mgxm",
"discovery": "UNKNOWN"
},
"title": "Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-50342",
"datePublished": "2024-11-06T21:03:12.331Z",
"dateReserved": "2024-10-22T17:54:40.955Z",
"dateUpdated": "2024-11-07T15:26:33.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15094 (GCVE-0-2020-15094)
Vulnerability from cvelistv5 – Published: 2020-09-02 17:35 – Updated: 2024-08-04 13:08
VLAI?
Title
RCE in Symfony
Summary
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
Severity ?
CWE
- CWE-212 - {"CWE-212":"Improper Removal of Sensitive Information Before Storage or Transfer"}
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "symfony",
"vendor": "symfony",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.4.0, \u003c 4.4.13"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T18:06:43",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
],
"source": {
"advisory": "GHSA-754h-5r27-7x3r",
"discovery": "UNKNOWN"
},
"title": "RCE in Symfony",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15094",
"STATE": "PUBLIC",
"TITLE": "RCE in Symfony"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "symfony",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.4.0, \u003c 4.4.13"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.1.5"
}
]
}
}
]
},
"vendor_name": "symfony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r",
"refsource": "CONFIRM",
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
},
{
"name": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78",
"refsource": "MISC",
"url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
},
{
"name": "https://packagist.org/packages/symfony/symfony",
"refsource": "MISC",
"url": "https://packagist.org/packages/symfony/symfony"
},
{
"name": "https://packagist.org/packages/symfony/http-kernel",
"refsource": "MISC",
"url": "https://packagist.org/packages/symfony/http-kernel"
},
{
"name": "FEDORA-2020-16eb328853",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
},
{
"name": "FEDORA-2020-1c549262f1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
}
]
},
"source": {
"advisory": "GHSA-754h-5r27-7x3r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15094",
"datePublished": "2020-09-02T17:35:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}