Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/http-kernel@5.0.0-BETA1
purl pkg:composer/symfony/http-kernel@5.0.0-BETA1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-rgh3-ef8t-k3ec Duplicate This advisory duplicates another. CVE-2022-24894
GHSA-h7vf-5wrv-9fhv
GMS-2023-209
GMS-2023-212
VCID-txk7-krb1-bqd9 RCE in Symfony Description ----------- The `CachingHttpClient` class from the HttpClient Symfony component relies on the `HttpCache` class to handle requests. `HttpCache` uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by `CachingHttpClient` and if an attacker can control the response for a request being made by the `CachingHttpClient`, remote code execution is possible. Resolution ---------- HTTP headers designed for internal use in `HttpCache` are now stripped from remote responses before being passed to `HttpCache`. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78) for the 4.4 branch. Credits ------- I would like to thank Matthias Pigulla (webfactory GmbH) for reporting and fixing the issue. CVE-2020-15094
GHSA-754h-5r27-7x3r

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:20:59.800064+00:00 GitLab Importer Fixing VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.4.0
2026-04-16T21:08:08.177024+00:00 GitLab Importer Fixing VCID-txk7-krb1-bqd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2020-15094.yml 38.4.0
2026-04-11T23:38:58.447422+00:00 GitLab Importer Fixing VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.3.0
2026-04-11T22:19:50.837305+00:00 GitLab Importer Fixing VCID-txk7-krb1-bqd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2020-15094.yml 38.3.0
2026-04-02T23:43:12.199829+00:00 GitLab Importer Fixing VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.1.0
2026-04-02T22:31:50.443210+00:00 GitLab Importer Fixing VCID-txk7-krb1-bqd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2020-15094.yml 38.1.0
2026-04-01T18:06:02.979027+00:00 GitLab Importer Fixing VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.0.0
2026-04-01T16:49:44.481559+00:00 GitLab Importer Fixing VCID-txk7-krb1-bqd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2020-15094.yml 38.0.0