5 matches found
GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...
Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...
Improper Validation of Specified Index, Position, or Offset in Input
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...
CVE-2024-39701 Directus Incorrectly handles _in` filter
Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...
SUSE CVE-2011-4682
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites...