Products
Twig
- 1.44.8
- 2.16.1
- 3.14.0
Source
security-advisories@github.com
Tags
CVE-2024-45411 details
Published : Sept. 9, 2024, 7:15 p.m.
Last Modified : Sept. 9, 2024, 7:15 p.m.
Last Modified : Sept. 9, 2024, 7:15 p.m.
Description
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.5 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.5
Exploitability Score
1.8
Impact Score
6.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6 | security-advisories@github.com |
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de | security-advisories@github.com |
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233 | security-advisories@github.com |
https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66 | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.