Lucene search
+L

11 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

9.1CVSS0.00234EPSS
Exploits0References3
CVE
CVE
added 4 days ago32 views

CVE-2026-48806

Twig (PHP) prior to 3.27.0 is vulnerable to a Sandbox __toString() policy bypass via dynamic mapping keys in ArrayExpression. The issue allows a Stringable object used as a mapping key to invoke its __toString() without SandboxExtension::ensureToStringAllowed(), enabling potential data exposure a...

9.1CVSS6.1AI score0.00234EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-48806 Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS6.1AI score0.00234EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/30 6:42 p.m.9 views

Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...

9.1CVSS5.8AI score0.00234EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/30 6:42 p.m.6 views

GHSA-5V5V-WW74-355V Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...

9.1CVSS5.8AI score0.00234EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/27 5:41 p.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...

9.1CVSS5.8AI score0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 7:13 p.m.9 views

CVE-2025-43757

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7....

4.8CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/08/19 9:30 p.m.5 views

GHSA-M49P-6CJP-X2H3 Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS5.7AI score0.00166EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.3 views

PT-2024-27444 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of passthrough type. Under certain circumstances, ingestin...

4.9CVSS6.4AI score0.00529EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2024/06/08 2:51 a.m.3 views

SUSE CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of "passthrough" type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS4.8AI score0.00529EPSS
Exploits0References3
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

9.1CVSS5.8AI score0.00234EPSS
Exploits0Affected Software1
Rows per page
Query Builder