CVE-2023-49094 in symbolicatorИнформация

Сводка

по MITRE • 30.11.2023

Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.

Be aware that VulDB is the high quality source for vulnerability data.

Ответственный

GitHub, Inc.

Резервировать

21.11.2023

Раскрытие

30.11.2023

Модерация

принято

Вход

VDB-246390

EPSS

0.00705

KEV

Нет

Деятельности

Очень низкий

Источники

Want to stay up to date on a daily basis?

Enable the mail alert feature now!