Candidate: CVE-2020-15094
PublicDate: 2020-09-02 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15094
 https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
 https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
 https://packagist.org/packages/symfony/http-kernel
 https://packagist.org/packages/symfony/symfony
Description:
 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class
 from the HttpClient Symfony component relies on the HttpCache class to
 handle requests. HttpCache uses internal headers like X-Body-Eval and
 X-Body-File to control the restoration of cached responses. The class was
 initially written with surrogate caching and ESI support in mind (all HTTP
 calls come from a trusted backend in that scenario). But when used by
 CachingHttpClient and if an attacker can control the response for a request
 being made by the CachingHttpClient, remote code execution is possible.
 This has been fixed in versions 4.4.13 and 5.1.5.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_symfony:
upstream_symfony: released (4.4.13+dfsg-1)
precise/esm_symfony: DNE
trusty_symfony: ignored (out of standard support)
trusty/esm_symfony: DNE
xenial_symfony: ignored (end of standard support, was needs-triage)
bionic_symfony: not-affected (code not present)
focal_symfony: not-affected (code not present)
groovy_symfony: ignored (reached end-of-life)
hirsute_symfony: ignored (reached end-of-life)
impish_symfony: not-affected (4.4.13+dfsg-1)
jammy_symfony: not-affected (4.4.13+dfsg-1)
devel_symfony: not-affected (4.4.13+dfsg-1)