Lucene search
+L

5 matches found

osv
osv
added 2024/11/06 7:52 p.m.9 views

GHSA-6377-HFV9-HQF6 Twig has unguarded calls to `__toString()` when nesting an object into an array

Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...

2.2CVSS3.7AI score0.0044EPSS
Exploits0References7
github
github
added 2024/11/06 7:52 p.m.28 views

Twig has unguarded calls to `__toString()` when nesting an object into an array

Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...

2.2CVSS3.7AI score0.0044EPSS
Exploits0References7Affected Software1
nessus
nessus
added 2024/09/17 12:0 a.m.19 views

Debian dsa-5771 : php-twig - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5771 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz...

8.6CVSS8.1AI score0.00833EPSS
Exploits0References4
openvas
openvas
added 2023/03/13 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5947-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6AI score0.08209EPSS
Exploits3References2
freebsd
freebsd
added 2015/08/12 12:0 a.m.28 views

pear-twig -- remote code execution

Fabien Potencier reports: End users can craft valid Twig code that allows them to execute arbitrary code RCEs via the self variable, which is always available, even in sandboxed templates...

6.8CVSS7.3AI score0.03398EPSS
Exploits0References1
Rows per page
Query Builder