symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Thu, 07 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Description symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Title Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-06T21:03:12.331Z

Updated: 2024-11-07T15:26:33.540Z

Reserved: 2024-10-22T17:54:40.955Z

Link: CVE-2024-50342

cve-icon Vulnrichment

Updated: 2024-11-07T15:26:29.969Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-06T21:15:05.963

Modified: 2024-11-08T19:01:25.633

Link: CVE-2024-50342

cve-icon Redhat

No data.