Symfony · Symfony/Http-Client · CVE-2024-50342
Name of the Vulnerable Software and Affected Versions:
symfony/http-client versions prior to 5.4.46
symfony/http-client versions prior to 6.4.14
symfony/http-client versions prior to 7.1.7
Description:
The issue is related to the `NoPrivateNetworkHttpClient` in the symfony/http-client module, which is part of the Symfony PHP framework. This component provides methods to fetch HTTP resources synchronously or asynchronously. When `NoPrivateNetworkHttpClient` is used, some internal information still leaks during host resolution, which may allow IP/port enumeration.
Recommendations:
For versions prior to 5.4.46, upgrade to version 5.4.46 or later.
For versions prior to 6.4.14, upgrade to version 6.4.14 or later.
For versions prior to 7.1.7, upgrade to version 7.1.7 or later.
As a temporary workaround, consider disabling `NoPrivateNetworkHttpClient` until the patched version can be deployed.
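To turn the version ranges above into a check that can run in CI, the following script (an added example, not code from Symfony or from this advisory) reads a project's `composer.lock`, finds `symfony/http-client` in the `packages` and `packages-dev` arrays, and reports whether the pinned version falls before the fixed release for its major line (5.4.46, 6.4.14 or 7.1.7). It assumes the standard `composer.lock` layout (a `name` and `version` field per package entry) and treats versions below 5.x as "prior to 5.4.46"; versions that are not plain `x.y.z` (for example `dev-main`) are reported as unknown rather than guessed at. The embedded lock file content is constructed for the example.

```python
import json
import re
from typing import Dict, Optional, Tuple

# Fixed versions from the advisory, keyed by the major version line they belong to.
FIXED_BY_MAJOR: Dict[int, Tuple[int, int, int]] = {
    5: (5, 4, 46),
    6: (6, 4, 14),
    7: (7, 1, 7),
}

# Composer versions look like "v6.4.12" or "6.4.12"; anything else is unparseable here.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a release version, or None for dev/branch aliases."""
    match = _VERSION_RE.match(version)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is before the fixed release of its major line, None if unknown."""
    parsed = parse_version(version)
    if parsed is None:
        return None  # cannot decide for "dev-main" and similar; flag for manual review
    major = parsed[0]
    if major > 7:
        return False  # released after all fixed versions listed in the advisory
    # Assumption: versions below 5.x are compared against 5.4.46 ("prior to 5.4.46").
    fixed = FIXED_BY_MAJOR[5 if major < 5 else major]
    return parsed < fixed


def check_composer_lock(lock_json: str) -> Dict[str, Dict[str, object]]:
    """Scan a composer.lock document and report every symfony/http-client entry found."""
    data = json.loads(lock_json)
    report: Dict[str, Dict[str, object]] = {}
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == "symfony/http-client":
                version = str(pkg.get("version", ""))
                report[section] = {"version": version, "affected": is_affected(version)}
    return report


# Constructed sample lock file: a production dependency pinned before the 6.4 fix.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/console", "version": "v6.4.12"},
        {"name": "symfony/http-client", "version": "v6.4.12"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "10.5.30"},
    ],
})


if __name__ == "__main__":
    for section, entry in check_composer_lock(SAMPLE_LOCK).items():
        status = {True: "AFFECTED, upgrade", False: "fixed", None: "unknown, review manually"}
        print(f"{section}: symfony/http-client {entry['version']} -> {status[entry['affected']]}")
```

Run it against a real project by replacing `SAMPLE_LOCK` with the contents of that project's `composer.lock`; a result of `True` for either section means the recommendation above applies.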