CVE-2023-47639

Name of the Vulnerable Software and Affected Versions API Platform Core versions 3.2.0 through 3.2.4

Description The issue concerns the visibility of exception messages in JSON error responses for non-HTTP exceptions. This problem arose from handling more exceptions than previously, leading to the serialization of errors with normalizers, which failed to hide exception details. Although the trace is hidden in production, the message remains visible and can contain sensitive information.

Recommendations For API Platform Core versions 3.2.0 through 3.2.4, update to version 3.2.5 to resolve the issue.