CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5

CVSS v3 5.4 MEDIUM
CVSS v2.0 5.5 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db	Patch Third Party Advisory
https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad	Patch Third Party Advisory
https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::

History

No history.

Information

Published : 2020-03-30 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-5274

Mitre link : CVE-2020-5274

CVE.ORG link : CVE-2020-5274

JSON object : View

Products Affected

sensiolabs

symfony

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2020-5274", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2020-03-30T20:15:19.633", "references": [{"url": "https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5"}, {"lang": "es", "value": "En Symfony versiones anteriores a 5.0.5 y 4.4.5, algunas propiedades de la Excepci\u00f3n no fueron escapados apropiadamente cuando el \"ErrorHandler\" la renderiz\u00f3 en stacktrace. Adem\u00e1s, el stacktrace fue desplegado incluso en una configuraci\u00f3n sin depuraci\u00f3n. ErrorHandler ahora escapa de todas las propiedades de la excepci\u00f3n, y el stacktrace se muestra solo en la configuraci\u00f3n de depuraci\u00f3n. Este problema est\u00e1 parcheado en Symfony/http-foundation versiones 4.4.5 y 5.0.5."}], "lastModified": "2020-04-01T20:34:09.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A736C1DC-7AB3-4406-ABD8-60C143F225E4", "versionEndExcluding": "4.4.4", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FB6307-56EA-4047-ABE0-4658CD8358FB", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}