CVE-2023-47639

Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

api-platform / core>= 3.2.0, < 3.2.5 – >= 3.2.0, < 3.2.5

References

VENDOR_ADVISORYhttps://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
PATCHhttps://github.com/api-platform/core/pull/5823
PATCHhttps://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201