CVE-2023-47639

MEDIUM

Api-platform Core < 3.2.5 - Error Information Exposure

Title source: rule

Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

References (3)

[Issue Tracking] https://github.com/api-platform/core/pull/5823

[Vendor Advisory] https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

[Patch] https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (2)

api-platform/core 3.2.0 - 3.2.5Packagist

api-platform/core >= 3.2.0, < 3.2.5

Published Apr 03, 2025

Tracked Since Feb 18, 2026