CVE-2023-47639
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| api-platform | core | >= 3.2.0, < 3.2.5 | affected |
Weaknesses
- CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
- https://github.com/api-platform/core/pull/5823
- https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.