Lucene search
K

24 matches found

Vulnrichment
Vulnrichment
added 2022/09/28 12:0 a.m.7 views

CVE-2022-39261 Twig may load a template outside a configured directory when using the filesystem loader

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

7.5CVSS7.5AI score0.01557EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.7 views

PT-2022-24853 · Twig +4 · Twig +4

Name of the Vulnerable Software and Affected Versions: Twig versions 1.x prior to 1.44.7 Twig versions 2.x prior to 2.15.3 Twig versions 3.x prior to 3.4.3 Description: The issue arises when the filesystem loader loads templates for which the name is a user input. It is possible to use the source...

9.8CVSS6.3AI score0.25573EPSS
Exploits14References108
CVE
CVE
added 2022/09/28 12:0 a.m.262 views

CVE-2022-39261

Twig is affected: versions 1.x before 1.44.7, 2.x before 2.15.3, and 3.x before 3.4.3 have a vulnerability where the filesystem loader can read arbitrary files when a template name is user-controlled (e.g., @namespace/../file) due to validation bypass. The fixed releases are 1.44.7, 2.15.3, and 3...

7.5CVSS7.5AI score0.01557EPSS
Exploits0References11Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/04/08 1:16 p.m.8 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder