Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-30T04:49:37.404Z
Updated: 2024-08-02T21:46:28.667Z
Reserved: 2023-11-21T18:57:30.429Z
Link: CVE-2023-49094
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-30T05:15:09.123
Modified: 2024-11-21T08:32:48.647
Link: CVE-2023-49094
Redhat
No data.