Vulnerability-Lookup

CVE-2020-15094 (GCVE-0-2020-15094)

Vulnerability from cvelistv5 – Published: 2020-09-02 17:35 – Updated: 2024-08-04 13:08

Title

RCE in Symfony

Summary

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-212 - {"CWE-212":"Improper Removal of Sensitive Information Before Storage or Transfer"}

Assigner

GitHub_M

References

URL

Tags

	https://github.com/symfony/symfony/security/advis…	x_refsource_CONFIRM
	https://github.com/symfony/symfony/commit/d9910e0…	x_refsource_MISC
	https://packagist.org/packages/symfony/symfony	x_refsource_MISC
	https://packagist.org/packages/symfony/http-kernel	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	symfony	symfony	Affected: >= 4.4.0, < 4.4.13 Affected: >= 5.0.0, < 5.1.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packagist.org/packages/symfony/symfony"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packagist.org/packages/symfony/http-kernel"
          },
          {
            "name": "FEDORA-2020-16eb328853",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
          },
          {
            "name": "FEDORA-2020-1c549262f1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "symfony",
          "vendor": "symfony",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.4.0, \u003c 4.4.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T18:06:43.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packagist.org/packages/symfony/symfony"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packagist.org/packages/symfony/http-kernel"
        },
        {
          "name": "FEDORA-2020-16eb328853",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
        },
        {
          "name": "FEDORA-2020-1c549262f1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
        }
      ],
      "source": {
        "advisory": "GHSA-754h-5r27-7x3r",
        "discovery": "UNKNOWN"
      },
      "title": "RCE in Symfony",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15094",
          "STATE": "PUBLIC",
          "TITLE": "RCE in Symfony"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "symfony",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 4.4.0, \u003c 4.4.13"
                          },
                          {
                            "version_value": "\u003e= 5.0.0, \u003c 5.1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "symfony"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r",
              "refsource": "CONFIRM",
              "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
            },
            {
              "name": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78",
              "refsource": "MISC",
              "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
            },
            {
              "name": "https://packagist.org/packages/symfony/symfony",
              "refsource": "MISC",
              "url": "https://packagist.org/packages/symfony/symfony"
            },
            {
              "name": "https://packagist.org/packages/symfony/http-kernel",
              "refsource": "MISC",
              "url": "https://packagist.org/packages/symfony/http-kernel"
            },
            {
              "name": "FEDORA-2020-16eb328853",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
            },
            {
              "name": "FEDORA-2020-1c549262f1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-754h-5r27-7x3r",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15094",
    "datePublished": "2020-09-02T17:35:15.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2020-15094

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-15094

Aliases

CVE-2020-15094

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-15094",
    "description": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.",
    "id": "GSD-2020-15094"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15094"
      ],
      "details": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.",
      "id": "GSD-2020-15094",
      "modified": "2023-12-13T01:21:44.020105Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15094",
        "STATE": "PUBLIC",
        "TITLE": "RCE in Symfony"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "symfony",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 4.4.0, \u003c 4.4.13"
                        },
                        {
                          "version_value": "\u003e= 5.0.0, \u003c 5.1.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "symfony"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-212\":\"Improper Removal of Sensitive Information Before Storage or Transfer\"}"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r",
            "refsource": "CONFIRM",
            "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
          },
          {
            "name": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78",
            "refsource": "MISC",
            "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
          },
          {
            "name": "https://packagist.org/packages/symfony/symfony",
            "refsource": "MISC",
            "url": "https://packagist.org/packages/symfony/symfony"
          },
          {
            "name": "https://packagist.org/packages/symfony/http-kernel",
            "refsource": "MISC",
            "url": "https://packagist.org/packages/symfony/http-kernel"
          },
          {
            "name": "FEDORA-2020-16eb328853",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
          },
          {
            "name": "FEDORA-2020-1c549262f1",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-754h-5r27-7x3r",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/form",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Removal of Sensitive Information Before Storage or Transfer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "9710a300-b53e-4aea-a5f1-0ec17057fd96"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-25",
          "description": "In Symfony, the `CachingHttpClient` class from the HttpClient Symfony component relies on the `HttpCache` class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/http-client",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "6eb8876d-3252-43d1-b6aa-5702fbddcd62"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/http-foundation",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "bad15e19-b251-4d03-a612-4dfe930a3943"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/http-kernel",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "ca47172f-2df3-4d00-8f98-38b283684611"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/security-http",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "802c47c9-7c89-45cb-87bd-83aacc42341d"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/security",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to version 4.4.13 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "2637c1ac-a283-40df-98d8-4eeaca8c160e"
        },
        {
          "affected_range": "\u003e=4.4.0,\u003c4.4.13||\u003e=5.1.0,\u003c5.1.5",
          "affected_versions": "All versions starting from 4.4.0 before 4.4.13, all versions starting from 5.1.0 before 5.1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2020-09-11",
          "description": "In Symfony, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.",
          "fixed_versions": [
            "4.4.13",
            "5.1.5"
          ],
          "identifier": "CVE-2020-15094",
          "identifiers": [
            "CVE-2020-15094",
            "GHSA-754h-5r27-7x3r"
          ],
          "not_impacted": "All versions before 4.4.0, all versions starting from 4.4.13 before 5.1.0, all versions starting from 5.1.5",
          "package_slug": "packagist/symfony/symfony",
          "pubdate": "2020-09-02",
          "solution": "Upgrade to versions 4.4.13, 5.1.5 or above.",
          "title": "Improper Cross-boundary Removal of Sensitive Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
          ],
          "uuid": "644da51d-78f5-49d9-8cc7-077380de0cbf"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.5",
                "versionStartIncluding": "5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.13",
                "versionStartIncluding": "4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.13",
                "versionStartIncluding": "4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.5",
                "versionStartIncluding": "5.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15094"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-212"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
            },
            {
              "name": "https://packagist.org/packages/symfony/http-kernel",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://packagist.org/packages/symfony/http-kernel"
            },
            {
              "name": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
            },
            {
              "name": "https://packagist.org/packages/symfony/symfony",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://packagist.org/packages/symfony/symfony"
            },
            {
              "name": "FEDORA-2020-16eb328853",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
            },
            {
              "name": "FEDORA-2020-1c549262f1",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-24T02:07Z",
      "publishedDate": "2020-09-02T18:15Z"
    }
  }
}

GHSA-754H-5R27-7X3R

Vulnerability from github – Published: 2020-09-02 17:29 – Updated: 2023-01-24 18:07

Summary

RCE in Symfony

Details

Description

The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible.

Resolution

HTTP headers designed for internal use in HttpCache are now stripped from remote responses before being passed to HttpCache.

The patch for this issue is available here for the 4.4 branch.

Credits

I would like to thank Matthias Pigulla (webfactory GmbH) for reporting and fixing the issue.

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/http-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.4.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/http-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.4.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-09-02T17:29:29Z",
    "nvd_published_at": "2020-09-02T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Description\n-----------\n\nThe `CachingHttpClient` class from the HttpClient Symfony component relies on the `HttpCache` class to handle requests. `HttpCache` uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by `CachingHttpClient` and if an attacker can control the response for a request being made by the `CachingHttpClient`, remote code execution is possible.\n\nResolution\n----------\n\nHTTP headers designed for internal use in `HttpCache` are now stripped from remote responses before being passed to `HttpCache`.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78) for the 4.4 branch.\n\nCredits\n-------\n\nI would like to thank Matthias Pigulla (webfactory GmbH) for reporting and fixing the issue.",
  "id": "GHSA-754h-5r27-7x3r",
  "modified": "2023-01-24T18:07:50Z",
  "published": "2020-09-02T17:29:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15094"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/symfony/symfony"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC"
    },
    {
      "type": "WEB",
      "url": "https://packagist.org/packages/symfony/http-kernel"
    },
    {
      "type": "WEB",
      "url": "https://packagist.org/packages/symfony/symfony"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/cve-2020-15094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "RCE in Symfony"
}

FKIE_CVE-2020-15094

Vulnerability from fkie_nvd - Published: 2020-09-02 18:15 - Updated: 2024-11-21 05:04

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r	Third Party Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/
security-advisories@github.com	https://packagist.org/packages/symfony/http-kernel	Product, Third Party Advisory
security-advisories@github.com	https://packagist.org/packages/symfony/symfony	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/
af854a3a-2127-422b-91ae-364da2661108	https://packagist.org/packages/symfony/http-kernel	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packagist.org/packages/symfony/symfony	Product, Third Party Advisory

Impacted products

Vendor	Product	Version
sensiolabs	httpclient	*
sensiolabs	httpclient	*
sensiolabs	symfony	*
sensiolabs	symfony	*
fedoraproject	fedora	32
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C545D1-352A-422D-894D-0360C8B809C2",
              "versionEndExcluding": "4.4.13",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:httpclient:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE0E0B8-46EE-4796-8EA2-7820B389AB69",
              "versionEndExcluding": "5.1.5",
              "versionStartIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E31480-E11B-440E-86DE-69B27A20E013",
              "versionEndExcluding": "4.4.13",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8353F9-2F4C-4BE9-A407-F22C08001271",
              "versionEndExcluding": "5.1.5",
              "versionStartIncluding": "5.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5."
    },
    {
      "lang": "es",
      "value": "En Symfony versiones anteriores a 4.4.13 y 5.1.5, la clase CachingHttpClient del componente HttpClient Symfony se basa en la clase HttpCache para manejar las peticiones. HttpCache utiliza encabezados internos como X-Body-Eval y X-Body-File para controlar la restauraci\u00f3n de las respuestas almacenadas en cach\u00e9. La clase fue inicialmente escrita teniendo en cuenta el almacenamiento en cach\u00e9 sustituto y la compatibilidad con ESI (todas las llamadas HTTP provienen de un backend confiable en ese escenario). Pero cuando es usado por CachingHttpClient y si un atacante puede controlar la respuesta para una petici\u00f3n siendo hecha por CachingHttpClient, es posible una ejecuci\u00f3n de c\u00f3digo remota. Esto ha sido corregido en las versiones 4.4.13 y 5.1.5"
    }
  ],
  "id": "CVE-2020-15094",
  "lastModified": "2024-11-21T05:04:47.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T18:15:11.187",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://packagist.org/packages/symfony/http-kernel"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://packagist.org/packages/symfony/symfony"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://packagist.org/packages/symfony/http-kernel"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://packagist.org/packages/symfony/symfony"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-15094 (GCVE-0-2020-15094)

GSD-2020-15094

GHSA-754H-5R27-7X3R

Description

Resolution

Credits

FKIE_CVE-2020-15094

Tags

Sightings

Nomenclature