CVE-2020-15094
RCE in Symfony
Public Exploits: 0
Exploited in Wild: -
Description
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
SSVC Decision: -
Timeline
- 2020-06-25 CVE Reserved
- 2020-09-02 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-04 CVE Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
References (6)

URL | Tag | Source
---|---|---
https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r | Third Party Advisory |
https://packagist.org/packages/symfony/http-kernel | Product |
https://packagist.org/packages/symfony/symfony | Product |

URL | Date | SRC
---|---|---
https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78 | 2023-11-07 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Sensiolabs | Httpclient | >= 4.4.0 < 4.4.13 | - | Affected
Sensiolabs | Httpclient | >= 5.1.0 < 5.1.5 | - | Affected
Sensiolabs | Symfony | >= 4.4.0 < 4.4.13 | - | Affected
Sensiolabs | Symfony | >= 5.1.0 < 5.1.5 | - | Affected
Fedoraproject | Fedora | 32 | - | Affected
Fedoraproject | Fedora | 33 | - | Affected