Path Traversal

twig/twig is vulnerable to path traversal. The vulnerability exists in findTemplate function of FilesystemLoader.php because the template loading directories are not properly configured which allows an attacker to load templates outside the configured directory...

Fedora 30 : php-twig (2019-874015ee38)

Version 1.38.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 1.38.1 2019-03-12 - fixed class aliases ---- Version 1.38.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...

Fedora 28 : php-twig (2019-64f6c399c9)

Version 1.38.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 1.38.1 2019-03-12 - fixed class aliases ---- Version 1.38.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...

Fedora 29 : php-twig2 (2019-a9a37fed18)

Version 2.7.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 2.7.1 2019-03-12 - fixed class aliases ---- Version 2.7.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...