VulnerableCode Package Details - pkg:composer/symfony/error-handler@5.0.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ugce-e42m-1fgj	Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.	CVE-2020-5274 GHSA-m884-279h-32v2

Vulnerability

Summary

Aliases

VCID-ugce-e42m-1fgj

Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.

CVE-2020-5274
GHSA-m884-279h-32v2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:02:10.887216+00:00	GitLab Importer	Fixing	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.4.0
2026-04-11T22:13:30.658251+00:00	GitLab Importer	Fixing	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.3.0
2026-04-02T22:25:51.533579+00:00	GitLab Importer	Fixing	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.1.0
2026-04-01T16:43:48.429643+00:00	GitLab Importer	Fixing	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.0.0
2026-04-01T15:58:01.925098+00:00	GHSA Importer	Fixing	VCID-ugce-e42m-1fgj	https://github.com/advisories/GHSA-m884-279h-32v2	38.0.0
2026-04-01T13:00:13.918545+00:00	GithubOSV Importer	Fixing	VCID-ugce-e42m-1fgj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-m884-279h-32v2/GHSA-m884-279h-32v2.json	38.0.0