5 matches found
GHSA-6377-HFV9-HQF6 Twig has unguarded calls to `__toString()` when nesting an object into an array
Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...
Twig has unguarded calls to `__toString()` when nesting an object into an array
Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...
Debian dsa-5771 : php-twig - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5771 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz...
Ubuntu: Security Advisory (USN-5947-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
pear-twig -- remote code execution
Fabien Potencier reports: End users can craft valid Twig code that allows them to execute arbitrary code RCEs via the self variable, which is always available, even in sandboxed templates...