5 matches found
CVE-2018-13818
Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...
CVE-2018-13818
Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...
CVE-2018-13818
Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...
CVE-2018-13818
Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...
CVE-2018-13818
Twig before 2.4.4 is vulnerable to Server-Side Template Injection (SSTI) via the search_key parameter. The issue is caused by how Twig interprets the token value. Affected software is Twig versions prior to 2.4.4; remediation is to upgrade to 2.4.4 or later, or to properly wrap/validate input in ...