CVE-2023-47639

medium

Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

References

https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r

https://github.com/api-platform/core/pull/5823

https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201

Details

Source: Mitre, NVD

Published: 2025-04-03

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N