Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (1)
| Vulnerability |
Summary |
Aliases |
|
VCID-2gr1-yfyf-47f1
|
RCE in Symfony
Description
-----------
The `CachingHttpClient` class from the HttpClient Symfony component relies on the `HttpCache` class to handle requests. `HttpCache` uses internal headers like `X-Body-Eval` and `X-Body-File` to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by `CachingHttpClient` and if an attacker can control the response for a request being made by the `CachingHttpClient`, remote code execution is possible.
Resolution
----------
HTTP headers designed for internal use in `HttpCache` are now stripped from remote responses before being passed to `HttpCache`.
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78) for the 4.4 branch.
Credits
-------
I would like to thank Matthias Pigulla (webfactory GmbH) for reporting and fixing the issue.
|
CVE-2020-15094
GHSA-754h-5r27-7x3r
|