Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

INFO

Published Date :

2024-09-09T18:20:28.363Z

Last Modified :

2024-09-16T12:04:18.107Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45411 vulnerability.

Vendors Products
Symfony
  • Twig
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45411.

URL Resource
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6 cve-icon cve-icon
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de cve-icon cve-icon
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233 cve-icon cve-icon
https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/09/msg00031.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact