Lucene search
K

10 matches found

GithubExploit
GithubExploit
added 2023/07/04 3:52 p.m.1181 views

Exploit for Code Injection in Symfony Twig

CVE-2022-23614 Proof of concept PoC for CVE-2022-23614ht...

9.8CVSS9.8AI score0.08209EPSS
Exploits3
Ubuntu
Ubuntu
added 2023/03/13 10:55 a.m.430 views

USN-5947-1: Twig vulnerabilities

Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM...

9.8CVSS7AI score0.08209EPSS
Exploits3
OpenVAS
OpenVAS
added 2023/03/13 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5947-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6AI score0.08209EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.130 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Twig vulnerabilities (USN-5947-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5947-1 advisory. Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects...

9.8CVSS7.1AI score0.08209EPSS
Exploits3References4
GithubExploit
GithubExploit
added 2022/07/18 10:14 a.m.732 views

Exploit for Code Injection in Symfony Twig

CVE-2022-23614 PoC for CVE-2022-23614https://vulners.com/cv...

9.8CVSS9.6AI score0.08209EPSS
Exploits3
Debian
Debian
added 2022/03/24 6:38 a.m.39 views

[SECURITY] [DSA 5107-1] php-twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5107-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 24, 2022 https://www.debian.org/security/faq -...

9.8CVSS9.3AI score0.08209EPSS
Exploits3
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.17 views

Fedora: Security Advisory for php-twig2 (FEDORA-2022-47293b1d23)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.08209EPSS
Exploits3References2
CVE
CVE
added 2022/02/04 10:25 p.m.239 views

CVE-2022-23614

CVE-2022-23614 — Twig sandbox bypass via sort filter . In Twig’s sandbox mode, the sort filter’s arrow parameter must be a closure; in affected versions this constraint was not properly enforced, allowing code injection of arbitrary PHP when the filter was misused (e.g., passing a function name l...

9.8CVSS9.4AI score0.08209EPSS
Exploits3References8Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/04 10:25 p.m.6 views

CVE-2022-23614 Code injection in Twig

Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...

8.8CVSS9.8AI score0.08209EPSS
Exploits3References8
Cvelist
Cvelist
added 2022/02/04 10:25 p.m.48 views

CVE-2022-23614 Code injection in Twig

Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...

8.8CVSS9.9AI score0.08209EPSS
Exploits3References8
Rows per page
Query Builder