Incorrect Authorization
Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the column filter’s use of PHP array_column. An attacker can bypass Twig sandbox property restrictions because array_column accesses object...
EUVD-2024-1424
Malicious code in bioql PyPI...
USN-7377-1: Smarty vulnerability
It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7158-1: Smarty vulnerabilities
It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary JavaScript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...
Sensio Labs Twig Path Traversal Vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...
[SECURITY] Fedora 35 Update: php-twig3-3.3.8-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
Debian DLA-2618-3 : smarty3 regression update
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the Smarty_Security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in...
Fedora Update for php-twig2 FEDORA-2019-a9a37fed18
The remote host is missing an update for the...
[SECURITY] Fedora 28 Update: php-twig2-2.7.2-1.fc28
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 22 Update: php-twig-1.20.0-1.fc22
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...