First published: Fri Dec 15 2023(Updated: )
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.
Credit: ed10eef1-636d-4fbe-9993-6890dfa878f8
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =3.0.0 | |
WSO2 API Manager | =3.1.0 | |
WSO2 API Manager | =3.2.0 | |
WSO2 API Manager | =4.0.0 |
For WSO2 Subscription holders, the recommended solution is to apply the provided patch/update to the affected versions of the products. If there are any instructions given with the patch/update, please make sure those are followed properly. Community users may apply the relevant fixes to the product based on the public fix(s) advertised in https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.