Security Advisory

CVE-2020-5274

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-30 19:40:14

Last updated 2024-08-04 08:22:09

Assigner GitHub_M

State PUBLISHED

Description

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5

← Browse all CVEs View on cve.org ↗