UBUNTU-CVE-2024-50342

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-50342

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-50342.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-50342

Related

CVE-2024-50342

Published

2024-11-06T21:15:00Z

Modified

2024-11-13T16:35:19Z

Summary

[none]

Details

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the NoPrivateNetworkHttpClient now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.1+dfsg-1

2.7.5+dfsg-1

2.7.9+dfsg-1

2.7.9+dfsg-1ubuntu2

2.7.10-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.7+dfsg-1.3ubuntu1

3.*

3.4.3+dfsg-1ubuntu4

3.4.6+dfsg-1

3.4.6+dfsg-1ubuntu0.1

3.4.6+dfsg-1ubuntu0.1+esm1

3.4.6+dfsg-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.4+dfsg-1ubuntu1

4.3.8+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.6+dfsg-1ubuntu7

5.4.4+dfsg-1ubuntu8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.5+dfsg-3ubuntu3

6.4.10+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.23+dfsg-1ubuntu1

5.4.35+dfsg-3ubuntu1

6.*

6.4.5+dfsg-3ubuntu2

6.4.5+dfsg-3ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}