2 matches found
CVE-2024-50342
CVE-2024-50342 concerns Symfony’s http-client NoPrivateNetworkHttpClient leaking host resolution information, enabling possible IP/port enumeration. Affected versions before the fix include 5.4.46, 6.4.14, and 7.1.7. The underlying issue was mitigated by updating NoPrivateNetworkHttpClient to fil...
CVE-2020-15094
CVE-2020-15094 affects Symfony’s HttpClient component, where CachingHttpClient relies on the HttpCache class and can be influenced by attacker-controlled responses. The vulnerability stems from internal headers (e.g., X-Body-Eval, X-Body-File) used to restore cached responses, which, in a surroga...