8 matches found
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...
Fedora: Security Advisory for php-symfony4 (FEDORA-2020-1c549262f1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : php-symfony4 (2020-16eb328853)
Version 4.4.13 2020-09-02 - security CVE-2020-15094 Remove headers with internal meaning from HttpClient responses mpdude - bug 38024 Console Fix undefined index for inconsistent command name definition chalasr - bug 38023 DI fix inlining of non-shared services nicolas-grekas - bug 38020...
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...
CVE-2020-15094
CVE-2020-15094 affects Symfony’s HttpClient component, where CachingHttpClient relies on the HttpCache class and can be influenced by attacker-controlled responses. The vulnerability stems from internal headers (e.g., X-Body-Eval, X-Body-File) used to restore cached responses, which, in a surroga...
CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient
More info at https://symfony.com/cve-2020-15094...
CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient
More info at https://symfony.com/cve-2020-15094...