Lucene search
Veracode Vulnerability DatabaseVERACODE:27966HistoryNov 24, 2020 - 1:52 a.m.
Arbitrary Code Execution
2020-11-2401:52:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.0004 Low
EPSS
Percentile
12.7%
October is vulnerable to arbitrary code execution. An authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions is allowed to write malicious Twig code leading to an escape from sandbox even if cms.enableSafeMode is set.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | eq | 1.1.0 | |
| october/october | le | 1.0.468 | |
| october/cms | eq | 1.1.0 | |
| october/cms | le | 1.0.469 | |
| october/october | eq | 1.1.0 | |
| october/october | le | 1.0.468 | |
| october/cms | eq | 1.1.0 | |
| october/cms | le | 1.0.469 |
Related
osv
osv
CVE-2020-15247
2020-11-23 20:15:12
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
2020-11-23 19:48:27
Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:54:18
nvd
nvd
cve
cve
prion
prion
Double free
2020-11-23 20:15:00
Design/Logic Flaw
2020-11-23 21:15:00
Design/Logic Flaw
2021-05-03 16:15:00
cvelist
cvelist
CVE-2020-15247 Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
2020-11-23 19:35:14
CVE-2020-26231 Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:55:14
CVE-2021-21264 Bypass of fix for CVE-2020-26231, Twig sandbox escape
2021-05-03 16:00:18
github
github
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
2020-11-23 19:48:27
Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:54:18
Bypass of fix for CVE-2020-26231, Twig sandbox escape
2021-05-04 17:42:33
veracode
veracode
Sandbox Escape
2020-11-24 07:31:27