CVE-2024-50342LOW≥ 4.3.0, < 5.4.47·≥ 6.0.0, < 6.4.15+1 more2024-11-06
CVE-2024-50342 [LOW] CWE-200 Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
### Description
When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration.
### Resolution
The `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks.
The fisrt patch for this
ghsaosv