Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

GHSA-24X9-R6Q4-Q93W Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

PT-2026-42583

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call template from string and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via Environment::createTemplate when sandboxing is enabled selectively through SourcePolicyInterface. An attacker can bypass Twig sandbox...

PT-2026-42174

Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...

Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...

📄 V8 StringToBigInt Memory Corruption Sandbox Bypass

V8 suffers from a sandbox bypass vulnerability due to memory corruption during StringToBigInt conversion. The function v8::internal::StringToBigInt is used by V8 when converting a string to a BigInt e.g. via BigInt“1337”. It first parses the string into individual digitt’s in the...

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...

CVE-2026-29795

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...

DEBIAN-CVE-2025-34451

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...

EUVD-2024-53516

Malicious code in bioql PyPI...

Prototype Pollution

module-from-string is vulnerable to Prototype pollution. The vulnerability is due to improper handling of user-supplied input in the lib.requireFromString function, allowing attackers to supply a crafted payload, leading to a Denial of Service DoS...

CVE-2024-57072

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

module-from-string prototype pollution

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

@alvori/app (>=1.0.0-beta.11 <=1.0.0-beta.12), @enhanced-dom/intl (>=0.0.1 <=0.2.0) +112 more potentially affected by CVE-2024-57072 via module-from-string (>=2.3.0 <=3.3.1)

module-from-string NPM version =2.3.0, =1.0.0-beta.11, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.1.1, =0.2.3 and more Source cves: CVE-2024-57072 Source advisory: OSV:GHSA-Q5J8-9M9G-X2JH...

GHSA-Q5J8-9M9G-X2JH module-from-string prototype pollution

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVE-2024-57072

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVE-2024-57072

CVE-2024-57072 affects the module-from-string package (version 3.3.1) via a prototype pollution flaw in the lib.requireFromString function that can cause a Denial of Service (DoS) when a crafted payload is supplied. Exploitation status is not detailed in the provided documents. Remediation guidan...

CVE-2024-57072

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

module-from-string 安全漏洞

module-from-string is a library by the individual developer Xuanbo Cheng. A security vulnerability exists in module-from-string version v3.3.1, which stems from a prototype contamination vulnerability in the lib.requireFromString function...