CVE-2023-49094
CVE-2023-49094 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on the Sentry instance. The issue has been fixed in release 23.11.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sentry | Symbolicator | >= 0.3.3, < 23.11.2 |
References
- https://github.com/getsentry/symbolicator/pull/1332 (Vendor Advisory)
- https://github.com/getsentry/symbolicator/releases/tag/23.11.2 (Release Notes, Vendor Advisory)
- https://github.com/getsentry/symbolicator/security/advisories/GHSA-6576-pr6j-h9c6 (Mitigation, Vendor Advisory)
Source: NVD / NIST
