Lucene search
K

5 matches found

OSV
OSV
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/30 6:43 p.m.9 views

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/27 5:41 p.m.13 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...

7.1CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2024/07/08 4:43 p.m.5 views

CVE-2024-39701 Directus Incorrectly handles _in` filter

Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...

6.3CVSS7.2AI score0.00423EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2011-4682

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites...

6.4CVSS7AI score0.02093EPSS
Exploits0References3
Rows per page
Query Builder