Twig: PHP code injection via `{% use %}` template name

Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via template name handling in the % use % tag compilation path. An attacker can execute arbitrary PHP code by supplying a crafted template nam...

PT-2026-42173

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a % use % tag are processed...

Astra Linux – Vulnerability in Firefox

tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrectly canceled inode use tag in the wrong path, which could lead to an inode use tag leak...

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

Deserialization of untrusted data

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

php-svg-lib security vulnerability

php-svg-lib is an open source SVG file parsing/rendering library from dompdf. A security vulnerability exists in versions of php-svg-lib prior to 0.5.1, which stems from the fact that parsing attributes passed to the use tag within an svg document may cause the system to enter infinite recursion,...

php-svg-lib security vulnerability

php-svg-lib is an open source SVG file parsing/rendering library from dompdf. A security vulnerability exists in php-svg-lib versions prior to 0.5.1. The vulnerability stems from the fact that when processing a use tag that references an image tag, the attributes in the use tag are merged into th...

PT-2023-31509 · Unknown · Php-Svg-Lib

Name of the Vulnerable Software and Affected Versions: php-svg-lib versions prior to 0.5.1 Description: The issue arises when parsing attributes passed to a use tag inside an SVG document, allowing an attacker to cause the system to go into infinite recursion. This could exhaust the memory...

PT-2023-31510 · Unknown +1 · Php-Svg-Lib +1

Name of the Vulnerable Software and Affected Versions: php-svg-lib versions prior to 0.5.1 Description: The issue arises when handling tags that reference tags, as it merges attributes from the tag to the tag. This is particularly problematic when the href attribute from the tag has not been...

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

UBUNTU-CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

Mozilla Firefox 跨站脚本漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...