symfony/http-client
Packagist2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting symfony/http-clientpage 1 of 1
- CVE-2024-50342LOWCVSS 3.1EG 3.1✓ Fixed in 7.1.82024-11-06
vulnerable: v7.0.0 ... v7.1.7 (20 versions)
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking…
- CVE-2026-48736MEDIUMCVSS 0.0EG 0.0✓ Fixed in 5.4.532026-06-15
vulnerable: v5.4.0 ... v5.4.9 (41 versions)
Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient ### Description `Symfony\Component\HttpClient\NoPrivateNetworkHttpClient` is documented as a …
Check whether symfony/http-client is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/http-client CVEs against the assets you own.
Start Free Scan →