EPSS
Percentile
93.5%
twig/twig is vulnerable to server-side template injection (SSTI) attacks. The vulnerabiltiy exists due to the way twig/twig interprets the value of the token in the templates, allowing commands to be executed depending on the vulnerable application.
github.com/twigphp/Twig/commit/cd06d3c69619dcf5bfdbfe5d1f18923389a5bd43
github.com/twigphp/Twig/pull/2543
www.exploit-db.com/exploits/44102/