Lucene search
K

6 matches found

OSV
OSV
added 2024/11/06 7:52 p.m.12 views

GHSA-JJXQ-FF2G-95VH Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. Resolution The sandbox mode now ensures...

2.2CVSS3.4AI score0.00414EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/11/06 7:52 p.m.28 views

Twig has unguarded calls to `__toString()` when nesting an object into an array

Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...

2.2CVSS3.7AI score0.0044EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/11/06 7:52 p.m.9 views

GHSA-6377-HFV9-HQF6 Twig has unguarded calls to `__toString()` when nesting an object into an array

Description In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. Resolution The sandbox mode now checks the toString meth...

2.2CVSS3.7AI score0.0044EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/11/06 7:28 p.m.30 views

CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig

Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...

2.2CVSS0.0044EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

Unguarded calls to __toString() when nesting an object into an array

More info at https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list...

2.2CVSS5.9AI score0.0044EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.17 views

Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

More info at https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox...

2.2CVSS5.9AI score0.00414EPSS
Exploits0Affected Software1
Rows per page
Query Builder