CVE-2020-5274 | MEDIUM | ≥ 4.4.0, < 4.4.4 · ≥ 5.0.0, < 5.0.4 | 2020-03-30
CVE-2020-5274 [MEDIUM] CWE-209 Exceptions displayed in non-debug configurations in Symfony
Description
When `ErrorHandler` renders an exception HTML page, it uses unescaped properties from the related Exception class to render the stack trace. The security issue comes from the fact that the stack traces were also displayed in non-`debug` environments.
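The two conditions described above (exception properties written into HTML unescaped, and details shown outside `debug`) can be seen side by side in this added example, which is not Symfony's `ErrorHandler` code. The functions `esc`, `renderUnsafe`, `renderSafe` and `expect`, and the sample exception message with its path, are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Escape a value for an HTML text context. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before": exception properties reach the page raw, whatever the environment. */
function renderUnsafe(Throwable $e): string
{
    return '<h1>' . $e->getMessage() . '</h1><pre>' . $e->getTraceAsString() . '</pre>';
}

/** "After": details only when $debug is true, and every property escaped. */
function renderSafe(Throwable $e, bool $debug): string
{
    if (!$debug) {
        // Non-debug: nothing derived from the exception is sent to the client.
        return '<h1>Internal Server Error</h1>';
    }
    return sprintf(
        '<h1>%s: %s</h1><p>%s:%d</p><pre>%s</pre>',
        esc(get_class($e)),
        esc($e->getMessage()),
        esc($e->getFile()),
        $e->getLine(),
        esc($e->getTraceAsString())
    );
}

/** Fail loudly if an expectation about the rendered page does not hold. */
function expect(bool $cond, string $what): void
{
    if (!$cond) {
        throw new LogicException("expectation failed: $what");
    }
}

// Constructed sample: a message carrying markup and an internal path.
$e = new RuntimeException('Cannot open <b>/srv/app/config/secrets.yaml</b>');

expect(strpos(renderUnsafe($e), '<b>/srv/app') !== false, 'raw page passes markup and path through');
expect(strpos(renderSafe($e, false), 'secrets.yaml') === false, 'non-debug page hides exception details');
expect(strpos(renderSafe($e, true), '&lt;b&gt;/srv/app') !== false, 'debug page shows the message as text');

echo renderSafe($e, false), PHP_EOL;
```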
Resolution
The `ErrorHandler` class now escapes all properties coming from the rela