9 matches found
CVE-2026-48808 Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...
Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface and not the regular global sandbox mode. CoreExtension::column receives the active sandbox state via the needsissandboxed channel as a boolean...
EUVD-2026-31113
Twig: Possible sandbox bypass when using a source policy...
CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
Incorrect Authorization
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via callback validation for the sort, filter, map, and reduce filters when sandboxing is enabled through SourcePolicyInterface. An attacker can...
Twig 安全漏洞
Twig is an open-source PHP template engine developed by Twig contributors. Versions 2.16.x and 3.9.0 to 3.25.x of Twig contain security vulnerabilities. These vulnerabilities stem from sandbox bypasses when using the SourcePolicyInterface, allowing attackers to circumvent sandbox restrictions and...
Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
More info at https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface...