13 matches found
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
Description: The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded->unwrap()->checkSecurity() call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...
PT-2026-42690
Description: The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded->unwrap()->checkSecurity() call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...
WordPress Timber plugin <= 1.23.1 - Use of a Vulnerable Dependency vulnerability
Use of a Vulnerable Dependency vulnerability discovered by WordFence in WordPress Plugin Timber versions <= 1.23.1...
Ubuntu 24.04 LTS / 24.10 : Twig vulnerability (USN-7549-1)
The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7549-1 advisory. It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive...
Ubuntu: Security Advisory (USN-7549-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7549-1: Twig vulnerability
It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive information if it opened a specially crafted file. CVE-2024-45411...
[SECURITY] [DSA 5771-1] php-twig security update
Debian Security Advisory DSA-5771-1 https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq -...
Debian dsa-5771 : php-twig - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5771 advisory. Debian Security Advisory DSA-5771-1 https://www.debian.org/security/ Moritz...
[SECURITY] [DLA 3888-1] php-twig security update
Debian LTS Advisory DLA-3888-1 https://www.debian.org/lts/security/ Adrian Bunk September 16, 2024 https://wiki.debian.org/LTS -...
Debian dla-3888 : php-twig - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3888 advisory. Debian LTS Advisory DLA-3888-1 https://www.debian.org/lts/security/...
CVE-2024-45411
creationtimestamp | type | source
---|---|---
2024-09-09 22:20:18+00:00 | seen | https://t.me/cvedetector/5123
2026-05-20 10:32:42+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbpcgntea2u...
CVE-2024-45411
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0...
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
More info at https://symfony.com/cve-2026-46638...