14 matches found
EUVD-2022-1558
Malicious code in bioql PyPI...
CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
GHSA-6377-HFV9-HQF6 Twig has unguarded calls to `__toString()` when nesting an object into an array
Description: In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). Resolution: The sandbox mode now checks the toString meth...
Twig has unguarded calls to `__toString()` when nesting an object into an array
Description: In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). Resolution: The sandbox mode now checks the toString meth...
CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
GHSA-RC5R-697F-28X6 XSS injection in the Grid component of Sylius
Grid component of Sylius omits HTML input sanitisation while rendering object implementing toString method through the string field type...
XSS injection in the Grid component of Sylius
Grid component of Sylius omits HTML input sanitisation while rendering object implementing toString method through the string field type...
Cross-Site Scripting (XSS)
sylius is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via multiple parameters in the grid component due to a lack of input and output sanitization while rendering an object that implements the toString method through the...
Information disclosure
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the security policy in place...
CVE-2019-9942
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the security policy in place...
CVE-2018-19789
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the data class of a form, and when a...
Type confusion
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a...
Unguarded calls to __toString() when nesting an object into an array
More info at https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list...