CVE-2020-5274: Information Exposure Through an Error Message
In Symfony, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the stacktrace is only displayed in debug configurations.
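The two behaviours described above, sketched as an added example in plain PHP. This is not Symfony's ErrorHandler code; `esc()`, `renderError()` and `findRoute()` are hypothetical names and the exception is constructed sample input.

```php
<?php
declare(strict_types=1);

// Added illustration, not Symfony's ErrorHandler source; all function names are hypothetical.

function esc(string $value): string
{
    // Escape for HTML text and attribute contexts; substitute invalid UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderError(\Throwable $e, bool $debug): string
{
    if (!$debug) {
        // Non-debug: fixed generic page, nothing taken from the exception.
        return "<h1>Internal Server Error</h1>\n";
    }
    // Debug: treat every exception property as untrusted until escaped.
    $html = sprintf(
        "<h1>%s</h1>\n<p>%s</p>\n<p>%s:%d</p>\n<ol>\n",
        esc(get_class($e)),
        esc($e->getMessage()),
        esc($e->getFile()),
        $e->getLine()
    );
    foreach ($e->getTrace() as $frame) {
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . ($frame['function'] ?? '');
        $html .= sprintf(
            "<li>%s at %s:%d</li>\n",
            esc($call),
            esc($frame['file'] ?? '[internal]'),
            $frame['line'] ?? 0
        );
    }
    return $html . "</ol>\n";
}

function findRoute(string $path): void
{
    // Constructed sample: request-derived text ends up in the exception message.
    throw new \RuntimeException(sprintf('No route found for "%s"', $path));
}

try {
    findRoute('/<b>markup</b>');
} catch (\RuntimeException $e) {
    echo renderError($e, false), "\n"; // generic page, no stacktrace
    echo renderError($e, true);        // stacktrace shown, properties escaped
}
```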