CVE-2023-47639: API Platform Core can leak exceptions message that may contain sensitive information

April 3, 2025 (updated April 4, 2025)

Exception messages, that are not HTTP exceptions, are visible in the JSON error response.

References

github.com/advisories/GHSA-rfw5-cqjj-7v9r
github.com/api-platform/core
github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201
github.com/api-platform/core/pull/5823
github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r
nvd.nist.gov/vuln/detail/CVE-2023-47639

Code Behaviors & Features

Detect and mitigate CVE-2023-47639 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →