CVE-2020-5274: Information Exposure Through an Error Message

March 30, 2020 (updated April 1, 2020)

In Symfony, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace was displayed in a non-debug configuration. The ErrorHandler now escapes alls properties of the exception, and the stacktrace is only displayed in debug configurations.

References

nvd.nist.gov/vuln/detail/CVE-2020-5274

Code Behaviors & Features

Detect and mitigate CVE-2020-5274 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →