CVE-2024-50342

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 200

Summary

CVE-2024-50342 is a vulnerability affecting the symfony/http-client module, used for fetching HTTP resources in the Symfony PHP framework. Despite using the `NoPrivateNetworkHttpClient`, some internal information is still exposed during host resolution, potentially enabling IP and port enumeration. Affected versions include 5.4.45, 6.4.13, and 7.1.6. To prevent information leaks, these versions have been updated to filter blocked IPs earlier. Upgrades are advised, and currently, no workarounds for this vulnerability are known.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share