← volver
CVE-2023-49094

Symbolicator Server Side Request Forgery vulnerability

CVSS 4.3 MEDIUMEPSS 0.7%CWE-918
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
getsentry · symbolicator

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/getsentry/symbolicator/commit/9db2fb9197dd200d62aacebd8efef4df7678865ahttps://github.com/getsentry/symbolicator/pull/1332https://github.com/getsentry/symbolicator/releases/tag/23.11.2https://github.com/getsentry/symbolicator/security/advisories/GHSA-6576-pr6j-h9c6