
4 matches found

Snyk
added 2026/05/20 9:41 a.m. · 7 views

Incorrect Authorization

Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete CheckToStringNode enforcement in SandboxNodeVisitor. An attacker can invoke toString on arbitrary objects reachable from the...

CVSS 7.4 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2025/04/24 12:38 p.m. · 2 views

USN-7456-1 php-twig vulnerabilities

Fabien Potencier discovered that Twig did not run sandbox security checks in some circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-45411 Jamie Schouten...

CVSS 8.6 · AI score 7.5 · EPSS 0.00144
Exploits: 0 · References: 3
CNNVD
added 2024/08/08 12:0 a.m. · 2 views

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from a lack of restriction on the context variable, allowing any statically callable PHP function to be called via Twig...

CVSS 8.3 · AI score 6.5 · EPSS 0.00429
Exploits: 0 · References: 6
Positive Technologies
added 2022/02/04 12:0 a.m. · 6 views

PT-2022-2575 · Twig +3

Name of the Vulnerable Software and Affected Versions: Twig versions prior to the patched version
Description: The issue arises from the lack of proper enforcement of the constraint that the arrow parameter of the sort filter must be a closure when in sandbox mode. This could lead to code injecti...

CVSS 9.8 · AI score 6.7 · EPSS 0.21146
Exploits: 3 · References: 41