Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-30T04:49:37.404Z

Updated: 2024-08-02T21:46:28.667Z

Reserved: 2023-11-21T18:57:30.429Z

Link: CVE-2023-49094

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-30T05:15:09.123

Modified: 2024-11-21T08:32:48.647

Link: CVE-2023-49094

cve-icon Redhat

No data.