CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

AstraLinux•added 2025/02/11 7:35 a.m.•2 views

Astra Linux - уязвимость в symfony

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

4.3CVSS6.7AI score0.00481EPSS

Exploits0References3

OSV•added 2024/11/06 9:3 p.m.•22 views

CVE-2024-50342 Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client

3.1CVSS4.2AI score0.00481EPSS

Exploits0References4

CVE•added 2024/11/06 9:3 p.m.•127 views

CVE-2024-50342

CVE-2024-50342 concerns Symfony’s http-client NoPrivateNetworkHttpClient leaking host resolution information, enabling possible IP/port enumeration. Affected versions before the fix include 5.4.46, 6.4.14, and 7.1.7. The underlying issue was mitigated by updating NoPrivateNetworkHttpClient to fil...

4.3CVSS3.4AI score0.00481EPSS

Exploits0References2Affected Software1

OSV•added 2024/11/06 3:16 p.m.•10 views

GHSA-9C3X-R3WP-MGXM Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient

Description When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. Resolution The NoPrivateNetworkHttpClient now filters blocked IPs earlier to prevent such leaks. The fisrt patch for this issue is...

3.1CVSS3.7AI score0.00481EPSS

Exploits0References7