Sensiolabs Httpclient vulnerabilities
2 known vulnerabilities affecting sensiolabs/httpclient.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-50342MEDIUMCVSS 4.3fixed in 5.4.46≥ 6.0.0, < 6.4.14+1 more2024-11-06
CVE-2024-50342 [MEDIUM] CWE-200 CVE-2024-50342: symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fe
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 t
nvd
CVE-2020-15094HIGHCVSS 8.8≥ 4.4.0, < 4.4.13≥ 5.1.0, < 5.1.52020-09-02
CVE-2020-15094 [HIGH] CWE-212 CVE-2020-15094: In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind
nvd