19 matches found
CVE-2023-49094
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
EUVD-2023-53104
Malicious code in bioql PyPI...
EUVD-2023-56164
Malicious code in bioql PyPI...
CVE-2023-51451
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
CVE-2023-51451
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
Code injection
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
CVE-2023-51451 SSRF in symbolicator via invalid protocol
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
CVE-2023-51451
CVE-2023-51451 concerns Symbolicator (used with Sentry). Affects Symbolicator versions 0.3.3 up to 21.12.1; an attacker could cause Symbolicator to issue GET requests to arbitrary URLs with internal IPs by exploiting an invalid protocol. Responses could be exposed via the Symbolicator API/UI in a...
CVE-2023-51451 SSRF in symbolicator via invalid protocol
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
Symbolicator Security Vulnerability
Symbolicator is a symbolic service for native stack traces and small dumps with Symbolic Server support. A security vulnerability exists in Symbolicator versions prior to 0.3.3 through 21.12.1, which stems from a vulnerability that allows an attacker to use an invalid protocol to cause Symbolicat...
PT-2023-31834 · Unknown +1 · Symbolicator +1
Name of the Vulnerable Software and Affected Versions: Symbolicator versions 0.3.3 through 21.12.1 Description: The issue allows an attacker to make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could...
CVE-2023-49094
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
Design/Logic Flaw
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
CVE-2023-49094
Symbolicator (the symbolication service) is affected by a Server-Side Request Forgery (SSRF) where a specially crafted HTTP endpoint can trigger the service to send arbitrary GET requests to internal IPs. The attacker could have the response reflected back if they have an account on the Sentry in...
CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
Symbolicator Code Issue Vulnerability
Symbolicator is a symbol service for native stack traces and small dumps with symbol server support. A code issue vulnerability exists in Symbolicator versions 0.3.3 through 23.11.2, which stems from the fact that an attacker can use a specially crafted HTTP endpoint to allow Symbolicator to send...
PT-2023-31052 · Unknown · Symbolicator
Name of the Vulnerable Software and Affected Versions: Symbolicator versions prior to 23.11.2 Description: The issue allows an attacker to make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the...