Lucene search
K

9 matches found

CVE
CVE
added yesterday28 views

CVE-2026-48806

Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig

7.1CVSS6.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/30 6:42 p.m.7 views

Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...

7.1CVSS5.8AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/30 6:42 p.m.3 views

GHSA-5V5V-WW74-355V Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...

7.1CVSS5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/27 5:41 p.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...

7.1CVSS5.8AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/07 12:0 a.m.11 views

Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-1805eacb48)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3CVSS6.4AI score0.00361EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/02 12:0 a.m.16 views

Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-68713440cb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3CVSS6.4AI score0.00361EPSS
Exploits0References2
Fedora
Fedora
added 2021/09/30 12:54 a.m.28 views

[SECURITY] Fedora 35 Update: rust-cranelift-entity-0.77.0-1.fc35

Data structures using entity references as mapping keys...

6.3CVSS1.7AI score0.00361EPSS
Exploits0
Fedora
Fedora
added 2021/05/31 1:5 a.m.34 views

[SECURITY] Fedora 34 Update: rust-cranelift-entity-0.74.0-1.fc34

Data structures using entity references as mapping keys...

1.7AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

7.1CVSS5.8AI score
Exploits0Affected Software1
Rows per page
Query Builder