Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
CPE | Name | Operator | Version |
---|---|---|---|
symbolicator | ge | 0.3.3 | |
symbolicator | lt | 23.11.2 |