Lucene search
K

5 matches found

NVD
NVD
added 2018/07/10 2:29 p.m.20 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS9.7AI score0.0699EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2018/07/10 2:29 p.m.27 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS7.2AI score0.0699EPSS
Exploits1References3
OSV
OSV
added 2018/07/10 2:29 p.m.2 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.8CVSS7AI score
Exploits0References5
Cvelist
Cvelist
added 2018/07/10 2:0 p.m.28 views

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

9.7AI score0.0699EPSS
Exploits1References5
CVE
CVE
added 2018/07/10 2:0 p.m.50 views

CVE-2018-13818

Twig before 2.4.4 is vulnerable to Server-Side Template Injection (SSTI) via the search_key parameter. The issue is caused by how Twig interprets the token value. Affected software is Twig versions prior to 2.4.4; remediation is to upgrade to 2.4.4 or later, or to properly wrap/validate input in ...

9.8CVSS9.5AI score0.0699EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder