- Description
- symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- httpclient
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
🔴 quic-go, Denial-of-Service, #CVE-2024-50342 (Critical) https://t.co/bXtTGwHATQ
@dailycve
10 Oct 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50342 Internal Information Leak in Symfony's NoPrivateNetworkHttpClient Module symfony/http-client is a part of the Symphony PHP framework. It helps get HTTP resources. This can be done synchronously or ... https://t.co/QHhUYN45N5
@VulmonFeeds
7 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50342 symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the… https://t.co/I3aLyOCv1K
@CVEnew
6 Nov 2024
463 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient ➡️ https://t.co/XnpQyUniGz #symfony
@symfony
6 Nov 2024
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD522A1-414A-4E9D-8CD3-1AF7381721D1",
"versionEndExcluding": "5.4.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3995A623-DA0E-45DC-8BB2-AC4FF8645E8F",
"versionEndExcluding": "6.4.14",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850FABC0-EBDC-46A8-92B2-2B73C1FDD7D6",
"versionEndExcluding": "7.1.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]