13 matches found

Github Security Blog
added 2026/05/21 9:28 p.m. | 16 views

Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description: The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded->unwrap()->checkSecurity() call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

CVSS 8.6 | AI score 5.8 | EPSS 0.00826
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/05/21 12:0 a.m. | 10 views

PT-2026-42690

Description: The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded->unwrap()->checkSecurity() call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

CVSS 8.6 | AI score 5.8 | EPSS 0.00826
Exploits: 0 | References: 6
Patchstack
added 2025/07/25 1:25 a.m. | 12 views

WordPress Timber plugin <= 1.23.1 - Use of a Vulnerable Dependency vulnerability

Use of a Vulnerable Dependency vulnerability discovered by WordFence in WordPress Plugin Timber versions <= 1.23.1...

CVSS 8.6 | AI score 9 | EPSS 0.00826
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/06/03 12:0 a.m. | 4 views

Ubuntu 24.04 LTS / 24.10 : Twig vulnerability (USN-7549-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7549-1 advisory. It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive...

CVSS 8.6 | AI score 8.2 | EPSS 0.00826
Exploits: 0 | References: 2
OpenVAS
added 2025/06/03 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-7549-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 7.1 | EPSS 0.00826
Exploits: 0 | References: 2
Ubuntu
added 2025/06/02 2:53 p.m. | 7 views

USN-7549-1: Twig vulnerability

It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive information if it opened a specially crafted file. CVE-2024-45411...

CVSS 8.6 | AI score 8.2 | EPSS 0.00826
Exploits: 0
Debian
added 2024/09/17 8:50 p.m. | 12 views

[SECURITY] [DSA 5771-1] php-twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq -...

CVSS 8.6 | AI score 6.4 | EPSS 0.00826
Exploits: 0
Tenable Nessus
added 2024/09/17 12:0 a.m. | 18 views

Debian dsa-5771 : php-twig - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5771 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz...

CVSS 8.6 | AI score 8.1 | EPSS 0.00826
Exploits: 0 | References: 4
Debian
added 2024/09/16 10:7 a.m. | 9 views

[SECURITY] [DLA 3888-1] php-twig security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3888-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 16, 2024 https://wiki.debian.org/LTS -...

CVSS 8.6 | AI score 6.5 | EPSS 0.00826
Exploits: 0
Tenable Nessus
added 2024/09/16 12:0 a.m. | 23 views

Debian dla-3888 : php-twig - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3888 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3888-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8.6 | AI score 8.1 | EPSS 0.00826
Exploits: 0 | References: 4
Circl
added 2024/09/09 10:20 p.m. | 3 views

CVE-2024-45411

creationtimestamp | type | source
---|---|---
2024-09-09 22:20:18+00:00 | seen | https://t.me/cvedetector/5123
2026-05-20 10:32:42+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbpcgntea2u...

CVSS 8.6 | AI score 7.3 | EPSS 0.00826
Exploits: 0 | References: 2
UbuntuCve
added 2024/09/09 7:15 p.m. | 10 views

CVE-2024-45411

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0...

CVSS 8.6 | AI score 7.2 | EPSS 0.00826
Exploits: 0 | References: 9
Friends Of PHP
added 1970/01/01 12:0 a.m. | 15 views

`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

More info at https://symfony.com/cve-2026-46638...

CVSS 8.6 | AI score 5.8 | EPSS 0.00826
Exploits: 0 | Affected Software: 1