CVE-2023-47639

April 3, 2025, 5:15 p.m.

5.3
Medium

Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

Product(s) Impacted

Vendor Product Versions
Api Platform
  • Api Platform Core
  • 3.2.0-3.2.4, 3.2.5

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a api_platform api_platform_core 3.2.0-3.2.4 / / / / / / /
a api_platform api_platform_core 3.2.5 / / / / / / /

References

https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
https://github.com/api-platform/core/pull/5823
https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

Tags

security-advisories@github.com
CWE-209
2025-04-03
CVE-2023-47639

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    View Vector String

Timeline

Published: April 3, 2025, 5:15 p.m.
Last Modified: April 3, 2025, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.