VulnerableCode Package Details - pkg:composer/symfony/error-handler@4.4.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-b3pv-hr34-kucf	Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.	CVE-2020-5274 GHSA-m884-279h-32v2

Vulnerability

Summary

Aliases

VCID-b3pv-hr34-kucf

Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.

CVE-2020-5274
GHSA-m884-279h-32v2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:40:03.590355+00:00	GitLab Importer	Fixing	VCID-b3pv-hr34-kucf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	37.0.0
2025-07-03T13:55:08.405662+00:00	GitLab Importer	Fixing	VCID-b3pv-hr34-kucf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	36.1.3
2025-07-01T14:30:08.453213+00:00	GHSA Importer	Fixing	VCID-b3pv-hr34-kucf	https://github.com/advisories/GHSA-m884-279h-32v2	36.1.3
2025-07-01T12:17:09.794152+00:00	GithubOSV Importer	Fixing	VCID-b3pv-hr34-kucf	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-m884-279h-32v2/GHSA-m884-279h-32v2.json	36.1.3