9 matches found
CVE-2026-48806
Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig
Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...
GHSA-5V5V-WW74-355V Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...
Incorrect Authorization
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...
Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-1805eacb48)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-cranelift-entity (FEDORA-2021-68713440cb)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: rust-cranelift-entity-0.77.0-1.fc35
Data structures using entity references as mapping keys...
[SECURITY] Fedora 34 Update: rust-cranelift-entity-0.74.0-1.fc34
Data structures using entity references as mapping keys...
Sandbox `__toString()` policy bypass via dynamic mapping keys
More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...