CVE-2020-5274

MEDIUM Year: 2020
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-209
View all →

Vulnerability Description

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5

Related Vulnerabilities

CVE-2021-27774

MEDIUM
CVSS:5.4(Medium)

User input included in error response, which could be used in a phishing attack.

CWE-2092021

CVE-2019-12864

MEDIUM
CVSS:5.5(Medium)

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathnam...

CWE-2092019

CVE-2021-1546

MEDIUM
CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access throu...

CWE-2092021

CVE-2021-3620

MEDIUM
CVSS:5.5(Medium)

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...

CWE-2092021

CVE-2021-47161

MEDIUM
CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' cal...

CWE-2092021

CVE-2022-0563

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. Wh...

CWE-2092022