CVE-2024-50342

Source
https://cve.org/CVERecord?id=CVE-2024-50342
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50342.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50342
Aliases
Downstream
Published
2024-11-06T21:03:12.331Z
Modified
2026-04-30T12:12:17.541109Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
Details

symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information still leaks during host resolution, which can allow IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7, the NoPrivateNetworkHttpClient filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50342.json",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/symfony/http-client

Affected ranges

Type
GIT
Repo
https://github.com/symfony/http-client
Events
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.4.46"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.4.14"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.1.7"
        }
    ]
}

Affected versions

v4.*
v4.3.0-BETA1
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.1.0-BETA1
v5.1.0-RC1
v5.2.0
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.2.0-RC1
v5.2.0-RC2
v5.2.1
v5.2.2
v5.2.3
v5.3.0-BETA1
v5.3.0-BETA4
v5.3.0-RC1
v5.4.0
v5.4.0-BETA1
v5.4.0-BETA2
v5.4.0-BETA3
v5.4.0-RC1
v5.4.1
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.19
v5.4.2
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.29
v5.4.3
v5.4.31
v5.4.34
v5.4.35
v5.4.36
v5.4.37
v5.4.38
v5.4.39
v5.4.40
v5.4.41
v5.4.42
v5.4.43
v5.4.44
v5.4.45
v5.4.5
v5.4.7
v5.4.8
v5.4.9
v6.*
v6.0.0
v6.0.0-RC1
v6.0.1
v6.1.0
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.1.1
v6.1.2
v6.2.0
v6.2.0-BETA1
v6.2.0-BETA2
v6.2.0-BETA3
v6.2.0-RC1
v6.3.0
v6.3.0-BETA1
v6.3.0-BETA2
v6.3.0-BETA3
v6.3.0-RC1
v6.4.0
v6.4.0-BETA1
v6.4.0-BETA2
v6.4.0-BETA3
v6.4.0-RC1
v6.4.0-RC2
v6.4.10
v6.4.11
v6.4.12
v6.4.13
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v7.*
v7.0.0-BETA1
v7.0.0-BETA2
v7.0.0-BETA3
v7.0.0-RC1
v7.1.0
v7.1.0-BETA1
v7.1.0-RC1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50342.json"

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50342.json"