3 matches found
GHSA-JJXQ-FF2G-95VH Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. Resolution The sandbox mode now ensures...
Twig has unguarded calls to `__toString()` when nesting an object into an array
Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...
GHSA-6377-HFV9-HQF6 Twig has unguarded calls to `__toString()` when nesting an object into an array
Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...