VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-e6gt-66gm-yqbb

Essentials
Severities (18)
References (7)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-e6gt-66gm-yqbb
Aliases	CVE-2023-47639 GHSA-rfw5-cqjj-7v9r
Summary	API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-209	Generation of Error Message Containing Sensitive Information
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2023-47639
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2023-47639
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2023-47639
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-rfw5-cqjj-7v9r
cvssv3.1	5.3	https://github.com/api-platform/core
generic_textual	MODERATE	https://github.com/api-platform/core
cvssv3.1	5.3	https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
generic_textual	MODERATE	https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
ssvc	Track	https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
cvssv3.1	5.3	https://github.com/api-platform/core/pull/5823
generic_textual	MODERATE	https://github.com/api-platform/core/pull/5823
ssvc	Track	https://github.com/api-platform/core/pull/5823
cvssv3.1	5.3	https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
cvssv3.1_qr	MODERATE	https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
generic_textual	MODERATE	https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
ssvc	Track	https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2023-47639
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-47639

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-47639
		https://github.com/api-platform/core
		https://nvd.nist.gov/vuln/detail/CVE-2023-47639
5823		https://github.com/api-platform/core/pull/5823
ba8a7e6538bccebf14c228e43a9339214c4d9201		https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
GHSA-rfw5-cqjj-7v9r		https://github.com/advisories/GHSA-rfw5-cqjj-7v9r
GHSA-rfw5-cqjj-7v9r		https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/api-platform/core

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:08:11Z/ Found at https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/api-platform/core/pull/5823

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:08:11Z/ Found at https://github.com/api-platform/core/pull/5823

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:08:11Z/ Found at https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-47639

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.63064
EPSS Score	0.00432
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:28:30.947369+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/47xxx/CVE-2023-47639.json	38.6.0