Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

November 13, 2024 • Published by Fabien Potencier

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it.

Published in #Security Advisories

Have found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.

Manage your notification preferences to receive an email as soon as a Symfony security release is published.

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

Comments

Become a Symfony contributor