Vulnerability Description
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on the Sentry instance. The issue has been fixed in release 23.11.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sentry | Symbolicator | >= 0.3.3, < 23.11.2 |
Related Weaknesses (CWE)
References
- https://github.com/getsentry/symbolicator/commit/9db2fb9197dd200d62aacebd8efef4d (Patch, Vendor Advisory)
- https://github.com/getsentry/symbolicator/pull/1332 (Vendor Advisory)
- https://github.com/getsentry/symbolicator/releases/tag/23.11.2 (Release Notes, Vendor Advisory)
- https://github.com/getsentry/symbolicator/security/advisories/GHSA-6576-pr6j-h9c (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-49094?
CVE-2023-49094 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses b...
How severe is CVE-2023-49094?
CVE-2023-49094 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-49094?
Check the references section above for vendor advisories and patch information. Affected products include: Sentry Symbolicator.