Published: 30/03/2020 Updated: 01/04/2020

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

In Symfony prior to 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5

Vulnerable Product	Search on Vulmon	Subscribe to Product
sensiolabs symfony

Debian Bug report logs - #961415 symfony: CVE-2020-5275 CVE-2020-5274 CVE-2020-5255 Package: src:symfony; Maintainer for src:symfony is Debian PHP PEAR Maintainers <pkg-php-pear@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 May 2020 11:27:02 UTC Severity: grave Tags: se ...

CWE-209 https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2 https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-5274

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect