2 matches found
UBUNTU-CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...
PHP '__toString()' Function Type Obfuscation Information Disclosure Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a type confusion vulnerability in the 'toString' function. An attacker can exploit this vulnerability to obtain vulnerability information...