CVE-2023-47639 MEDIUM

CVE-2023-47639: API Platform Core can leak exceptions message that may contain sensitive information

Vendor Api-Platform
Product core
Weakness CWE-209 · Error message info leak
Published April 3, 2025
Last update April 3, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 3, 2025 Record updated