Search for packages
| purl | pkg:composer/symfony/error-handler@4.4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-b3pv-hr34-kucf
Aliases: CVE-2020-5274 GHSA-m884-279h-32v2 |
Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:40:03.584779+00:00 | GitLab Importer | Affected by | VCID-b3pv-hr34-kucf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml | 37.0.0 |