VDB
CVE-2024-50342
CVE-2024-50342
PUBLISHED
CVSS 3.0999999046325684 LOW
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
EPSS 0.50% · 66.4th percentile
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.50%
66.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| symfony | symfony | < 5.4.46, >= 7.0.0, < 7.1.7, >= 6.0.0, < 6.4.14 |
| symfony | http-client | 4.3.0, 6.0.0, 7.0.0 |
| sensiolabs | httpclient | 0, 6.0.0, 7.0.0 |
| symfony | symfony | 4.3.0, 7.0.0, 6.0.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Nov 6, 2024 CVE Published
- Nov 6, 2024 Coalition ESS Score
- Nov 6, 2024 PoC Published
- Nov 7, 2024 EPSS Score
- Nov 8, 2024 Coalition ESS Score
- Nov 25, 2024 EPSS Score
- Dec 14, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 18, 2025 EPSS Score
- Feb 5, 2025 EPSS Score
- Feb 23, 2025 EPSS Score
References
- https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v advisory
- https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j advisory
- https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q advisory
- https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm advisory
- https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp advisory
- https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9 advisory
- https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b url
- https://nvd.nist.gov/vuln/detail/CVE-2024-50342 advisory
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml url
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml url
- https://github.com/symfony/symfony package
- https://symfony.com/cve-2024-50342 url