Lucene search
K

5 matches found

UbuntuCve
UbuntuCve
added 2018/07/10 2:29 p.m.28 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS7.2AI score0.0699EPSS
Exploits1References3
NVD
NVD
added 2018/07/10 2:29 p.m.21 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS9.7AI score0.0699EPSS
Exploits1References5
OSV
OSV
added 2018/07/10 2:29 p.m.3 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS7AI score
Exploits0References5
CVE
CVE
added 2018/07/10 2:0 p.m.50 views

CVE-2018-13818

Twig before 2.4.4 is vulnerable to Server-Side Template Injection (SSTI) via the search_key parameter. The issue is caused by how Twig interprets the token value. Affected software is Twig versions prior to 2.4.4; remediation is to upgrade to 2.4.4 or later, or to properly wrap/validate input in ...

9.8CVSS9.5AI score0.0699EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2018/07/10 2:0 p.m.29 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.7AI score0.0699EPSS
Exploits1References5
Rows per page
Query Builder