Lucene search
+L

7 matches found

cve
cve
added 2 days ago29 views

CVE-2026-48807

CVE-2026-48807 - Twig sandbox bypass via Traversable in join/replace and in/not in operators Affected: Twig template engine for PHP (prior to 3.27.0). Issue: The sandboxed __toString() checks fail to fully cover Traversable values passed to join and replace filters or operands evaluated by in/not...

7.1CVSS6.1AI score0.00235EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago38 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS0.00235EPSS
Exploits0References2
github
github
added 2026/06/30 6:43 p.m.10 views

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References5
snyk
snyk
added 2026/05/27 5:41 p.m.13 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/06/06 12:0 a.m.3 views

PT-2025-26867

Name of the Vulnerable Software and Affected Versions: jackson-core versions prior to 2.15.0 Description: The issue arises when parsing input files with deeply nested data, potentially causing a StackoverflowError due to excessive depth. A configurable limit for traversal depth has been introduce...

8.7CVSS6.8AI score0.00634EPSS
Exploits0References40
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.10 views

Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators

More info at https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators...

7.1CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
Rows per page
Query Builder