CVE-2023-47639
MEDIUMAPI Platform Core 3.2.0-3.2.4 - Sensitive Information Exposure via Error Message
Title source: llmDescription
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.
References (3)
Core 3
Core References
Issue Tracking x_refsource_misc
https://github.com/api-platform/core/pull/5823
Vendor Advisory x_refsource_confirm
https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
Scores
CVSS v3
5.3
EPSS
0.0031
EPSS Percentile
22.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-209
Status
published
Products (2)
api-platform/core
3.2.0 - 3.2.5Packagist
api-platform/core
>= 3.2.0, < 3.2.5
Published
Apr 03, 2025
Tracked Since
Feb 18, 2026