CVE-2024-50342
CVSS 3.1 Score 3.1 of 10 (low)
Details
Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 200
Summary
CVE-2024-50342 is a vulnerability affecting the symfony/http-client module, used for fetching HTTP resources in the Symfony PHP framework. Despite using the `NoPrivateNetworkHttpClient`, some internal information is still exposed during host resolution, potentially enabling IP and port enumeration. Affected versions include 5.4.45, 6.4.13, and 7.1.6. To prevent information leaks, these versions have been updated to filter blocked IPs earlier. Upgrades are advised, and currently, no workarounds for this vulnerability are known.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share