CVE-2020-5274

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-5274

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5274.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-5274

Aliases

Downstream

DEBIAN-CVE-2020-5274

Published

2020-03-30T20:15:19.633Z

Modified

2026-03-10T23:30:47.240097847Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type

GIT

Repo

https://github.com/symfony/symfony

Events

Introduced

625a4dbfdafcb8cea8ff90a62b9c24b28694938d

Fixed

488093b6fb1fb2064dd79dccd7ed542512188af5

Introduced

ea815ba986fe3be54acb5a47b0dc8760cf54e31d

Fixed

03e6126338b0e37c4dd6481ed0f517ed3de99110

Fixed

629d21b800a15dc649fb0ae9ed7cd9211e7e45db

Fixed

cf80224589ac05402d4f72f5ddf80900ec94d5ad

Database specific

{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.4"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.4"
        }
    ]
}

Affected versions

v3.*

v3.4.36

v3.4.37

v4.*

v4.3.10

v4.3.9

v4.4.0

v4.4.1

v4.4.2

v4.4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5274.json"