| CVE-2024-45411 |
BDSA-2024-6162 |
High |
Sep 09, 2024 |
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypas
more...
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2022-39261 |
BDSA-2022-3401 |
High |
Sep 28, 2022 |
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem l
more...
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2019-9942 |
|
Low |
Mar 23, 2019 |
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toSt
more...
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2018-13818 |
BDSA-2018-5241 |
Critical |
Jul 10, 2018 |
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not
more...
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2015-7809 |
|
|
Nov 06, 2015 |
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary co
more...
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2001-1537 |
|
High |
Dec 31, 2001 |
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could
more...
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
less...
|
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| BDSA-2024-8258 |
|
Low |
Nov 07, 2024 |
Twig, a template language for PHP, is vulnerable to unauthorized calls to the `__toString()` method in a sandbox environment due to a security policy o
more...
Twig, a template language for PHP, is vulnerable to unauthorized calls to the `__toString()` method in a sandbox environment due to a security policy oversight. This could allow an attacker to execute the `__toString()` method on an object even if it's not permitted by the security policy, particularly when the object is part of an array or an argument list.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
less...
|
|
| BDSA-2024-8257 |
|
Low |
Nov 07, 2024 |
Twig, a template language for PHP, is vulnerable to unauthorized attribute access in a sandbox environment due to unguarded calls to `__isset()` and ar
more...
Twig, a template language for PHP, is vulnerable to unauthorized attribute access in a sandbox environment due to unguarded calls to `__isset()` and array-accesses. This could allow an attacker to access attributes of Array-like objects without being checked by the security policy, potentially leading to a breach of data confidentiality.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
less...
|
|
| BDSA-2022-0406 |
|
High |
Feb 11, 2022 |
Twig contains a remote code execution vulnerability. When in `sandbox` mode, an attacker could exploit this issue by altering the `arrow` parameter of
more...
Twig contains a remote code execution vulnerability. When in `sandbox` mode, an attacker could exploit this issue by altering the `arrow` parameter of the `sort` filter, potentially allowing for the running of arbitrary PHP functions.
less...
|
|
