CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence: Low
EPSS
Percentile: 94.1%
The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
openwall.com/lists/oss-security/2015/08/21/3
openwall.com/lists/oss-security/2015/10/11/2
symfony.com/blog/security-release-twig-1-20-0
www.debian.org/security/2015/dsa-3343
github.com/advisories/GHSA-xw83-pwrm-9j74
github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2015-7809.yaml
github.com/twigphp/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
github.com/twigphp/Twig/pull/1759
nvd.nist.gov/vuln/detail/CVE-2015-7809