CVE-2020-15094: Improper Removal of Sensitive Information Before Storage or Transfer in Httpclient

Severity
NVD: 8.8 HIGH
CNA: 8.0
EPSS
2.2% (top 15.40%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 2

Description

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

Source | Package | Affected from | Fixed in
Packagist | symfony/http-kernel | 4.3.0 | 4.4.13 (+1)
Packagist | symfony/symfony | 4.3.0 | 4.4.13 (+1)
NVD | sensiolabs/symfony | 4.4.0 | 4.4.13 (+1)
NVD | sensiolabs/httpclient | 4.4.0 | 4.4.13 (+1)
Debian | symfony/symfony | < 4.4.13+dfsg-1 (+3) |

Also affects: Fedora 32, 33

Patches

🔴 Vulnerability Details (4)

GHSA: RCE in Symfony (2020-09-02)
OSV: RCE in Symfony (2020-09-02)
CVEList: RCE in Symfony (2020-09-02)
OSV: CVE-2020-15094: In Symfony before versions 4... (2020-09-02)

📋 Vendor Advisories (1)

Debian: CVE-2020-15094: symfony - In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from th... (2020)
CVE-2020-15094 — Sensiolabs Httpclient vulnerability | cvebase