Unrated severity · NVD Advisory · Published Nov 30, 2023 · Updated Jun 5, 2025
Symbolicator Server Side Request Forgery vulnerability
CVE-2023-49094
Description
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary HTTP GET requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on the Sentry instance. The issue has been fixed in release 23.11.2.
Affected products
- Range: < 23.11.2
- getsentry/symbolicator (v5), Range: >= 0.3.3, < 23.11.2
References
- github.com/getsentry/symbolicator/commit/9db2fb9197dd200d62aacebd8efef4df7678865a (mitre, x_refsource_MISC)
- github.com/getsentry/symbolicator/pull/1332 (mitre, x_refsource_MISC)
- github.com/getsentry/symbolicator/releases/tag/23.11.2 (mitre, x_refsource_MISC)
- github.com/getsentry/symbolicator/security/advisories/GHSA-6576-pr6j-h9c6 (mitre, x_refsource_CONFIRM)