Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for twig by symfony

    CVE-2026-24425 (GCVE-0-2026-24425)

    Vulnerability from nvd – Published: 2026-05-20 13:45 – Updated: 2026-05-20 15:44 X_Open Source
    VLAI
    Title
    Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
    Summary
    Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: 3.9.0 , < 3.26.0 (semver)
    Affected: 2.16.* (custom)
    Create a notification for this product.
    Date Public
    2026-05-20 00:00
    Credits
    Nicolò Ribaudo Fabien Potencier VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24425",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T15:43:54.656189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:33.359Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Twig",
              "repo": "https://github.com/twigphp/Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "lessThan": "3.26.0",
                  "status": "affected",
                  "version": "3.9.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.16.*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicol\u00f2 Ribaudo"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Fabien Potencier"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "datePublic": "2026-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTwig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.\u003c/p\u003e"
                }
              ],
              "value": "Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T13:45:43.338Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-2q52-x2ff-qgfr"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/twigphp/Twig/releases/tag/v3.26.0"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/twig-x-x-sandbox-bypass-via-sourcepolicyinterface"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Twig 2.16.x \u0026 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-24425",
        "datePublished": "2026-05-20T13:45:02.413Z",
        "dateReserved": "2026-01-22T20:23:19.801Z",
        "dateUpdated": "2026-05-20T15:44:33.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45411 (GCVE-0-2024-45411)

    Vulnerability from nvd – Published: 2024-09-09 18:20 – Updated: 2024-09-16 12:04
    VLAI
    Title
    Twig has a possible sandbox bypass
    Summary
    Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: > 1.0.0, < 1.44.8
    Affected: > 2.0.0, < 2.16.1
    Affected: > 3.0.0, < 3.14.0
    Create a notification for this product.
    symfony twig Affected: 1.0.0 , < 1.44.8 (custom)
    Affected: 2.0.0 , < 2.16.1 (custom)
    Affected: 3.0.0 , < 3.14.0 (custom)
        cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "twig",
                "vendor": "symfony",
                "versions": [
                  {
                    "lessThan": "1.44.8",
                    "status": "affected",
                    "version": "1.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2.16.1",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "3.14.0",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T18:37:50.091764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T18:39:52.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-16T12:04:18.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00031.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e 1.0.0, \u003c 1.44.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e 2.0.0, \u003c 2.16.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e 3.0.0, \u003c 3.14.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-09T18:20:28.363Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233"
            }
          ],
          "source": {
            "advisory": "GHSA-6j75-5wfj-gh66",
            "discovery": "UNKNOWN"
          },
          "title": "Twig has a possible sandbox bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45411",
        "datePublished": "2024-09-09T18:20:28.363Z",
        "dateReserved": "2024-08-28T20:21:32.805Z",
        "dateUpdated": "2024-09-16T12:04:18.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-39261 (GCVE-0-2022-39261)

    Vulnerability from nvd – Published: 2022-09-28 00:00 – Updated: 2025-04-23 16:54
    VLAI
    Title
    Twig may load a template outside a configured directory when using the filesystem loader
    Summary
    Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: => 1.0.0, < 1.44.7
    Affected: >= 2.0.0, < 2.15.3
    Affected: >= 3.0.0, < 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:00:43.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-016"
              },
              {
                "name": "DSA-5248",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5248"
              },
              {
                "name": "FEDORA-2022-4490a4772d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"
              },
              {
                "name": "FEDORA-2022-d39b2a755b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"
              },
              {
                "name": "FEDORA-2022-1695454935",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"
              },
              {
                "name": "FEDORA-2022-9d8ee4a6de",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"
              },
              {
                "name": "[debian-lts-announce] 20221011 [SECURITY] [DLA 3147-1] twig security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html"
              },
              {
                "name": "FEDORA-2022-c6fe3ebd94",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"
              },
              {
                "name": "FEDORA-2022-73b9fb7a77",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-39261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:50:56.522548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:54:59.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "=\u003e 1.0.0, \u003c 1.44.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.15.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates\u0027 directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33"
            },
            {
              "url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-016"
            },
            {
              "name": "DSA-5248",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5248"
            },
            {
              "name": "FEDORA-2022-4490a4772d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"
            },
            {
              "name": "FEDORA-2022-d39b2a755b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"
            },
            {
              "name": "FEDORA-2022-1695454935",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"
            },
            {
              "name": "FEDORA-2022-9d8ee4a6de",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"
            },
            {
              "name": "[debian-lts-announce] 20221011 [SECURITY] [DLA 3147-1] twig security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html"
            },
            {
              "name": "FEDORA-2022-c6fe3ebd94",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"
            },
            {
              "name": "FEDORA-2022-73b9fb7a77",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"
            }
          ],
          "source": {
            "advisory": "GHSA-52m2-vc4m-jj33",
            "discovery": "UNKNOWN"
          },
          "title": "Twig may load a template outside a configured directory when using the filesystem loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-39261",
        "datePublished": "2022-09-28T00:00:00.000Z",
        "dateReserved": "2022-09-02T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:54:59.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23614 (GCVE-0-2022-23614)

    Vulnerability from nvd – Published: 2022-02-04 22:25 – Updated: 2025-04-23 19:08
    VLAI
    Title
    Code injection in Twig
    Summary
    Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: >= 3.0.0, < 3.3.8
    Affected: >= 2.0.0, < 2.14.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:46.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
              },
              {
                "name": "FEDORA-2022-167b9becef",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
              },
              {
                "name": "FEDORA-2022-47293b1d23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
              },
              {
                "name": "FEDORA-2022-7d871d7583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
              },
              {
                "name": "FEDORA-2022-58abb323f0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
              },
              {
                "name": "DSA-5107",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5107"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:56:43.403255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T19:08:27.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.3.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.14.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-24T14:06:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
            },
            {
              "name": "FEDORA-2022-167b9becef",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
            },
            {
              "name": "FEDORA-2022-47293b1d23",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
            },
            {
              "name": "FEDORA-2022-7d871d7583",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
            },
            {
              "name": "FEDORA-2022-58abb323f0",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
            },
            {
              "name": "DSA-5107",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5107"
            }
          ],
          "source": {
            "advisory": "GHSA-5mv2-rx3q-4w2v",
            "discovery": "UNKNOWN"
          },
          "title": "Code injection in Twig",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-23614",
              "STATE": "PUBLIC",
              "TITLE": "Code injection in Twig"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Twig",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 3.0.0, \u003c 3.3.8"
                              },
                              {
                                "version_value": "\u003e= 2.0.0, \u003c 2.14.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "twigphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
                },
                {
                  "name": "FEDORA-2022-167b9becef",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
                },
                {
                  "name": "FEDORA-2022-47293b1d23",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
                },
                {
                  "name": "FEDORA-2022-7d871d7583",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
                },
                {
                  "name": "FEDORA-2022-58abb323f0",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
                },
                {
                  "name": "DSA-5107",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5107"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-5mv2-rx3q-4w2v",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-23614",
        "datePublished": "2022-02-04T22:25:11.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2025-04-23T19:08:27.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9942 (GCVE-0-2019-9942)

    Vulnerability from nvd – Published: 2019-03-23 14:31 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:08.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
              },
              {
                "name": "DSA-4419",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4419"
              },
              {
                "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Mar/60"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-01T07:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
            },
            {
              "name": "DSA-4419",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4419"
            },
            {
              "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Mar/60"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://symfony.com/blog/twig-sandbox-information-disclosure",
                  "refsource": "MISC",
                  "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
                },
                {
                  "name": "DSA-4419",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4419"
                },
                {
                  "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Mar/60"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9942",
        "datePublished": "2019-03-23T14:31:53.000Z",
        "dateReserved": "2019-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:08.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13818 (GCVE-0-2018-13818)

    Vulnerability from nvd – Published: 2018-07-10 14:00 – Updated: 2024-08-05 09:14 Disputed
    VLAI
    Summary
    Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
              },
              {
                "name": "44102",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44102/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/issues/2743"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-21T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
            },
            {
              "name": "44102",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44102/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/issues/2743"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-13818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
                },
                {
                  "name": "44102",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44102/"
                },
                {
                  "name": "https://github.com/twigphp/Twig/issues/2743",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/issues/2743"
                },
                {
                  "name": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20",
                  "refsource": "MISC",
                  "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-13818",
        "datePublished": "2018-07-10T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:14:47.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7809 (GCVE-0-2015-7809)

    Vulnerability from nvd – Published: 2015-11-06 21:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/pull/1759"
              },
              {
                "name": "DSA-3343",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3343"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://symfony.com/blog/security-release-twig-1-20-0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
              },
              {
                "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
              },
              {
                "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-06T20:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/pull/1759"
            },
            {
              "name": "DSA-3343",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3343"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://symfony.com/blog/security-release-twig-1-20-0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
            },
            {
              "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
            },
            {
              "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/pull/1759",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/twigphp/Twig/pull/1759"
                },
                {
                  "name": "DSA-3343",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3343"
                },
                {
                  "name": "http://symfony.com/blog/security-release-twig-1-20-0",
                  "refsource": "CONFIRM",
                  "url": "http://symfony.com/blog/security-release-twig-1-20-0"
                },
                {
                  "name": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
                },
                {
                  "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
                },
                {
                  "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7809",
        "datePublished": "2015-11-06T21:00:00.000Z",
        "dateReserved": "2015-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1537 (GCVE-0-2001-1537)

    Vulnerability from nvd – Published: 2005-07-14 04:00 – Updated: 2024-08-08 04:58
    VLAI
    Summary
    The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/3591 vdb-entryx_refsource_BID
    http://www.iss.net/security_center/static/7619.php vdb-entryx_refsource_XF
    Date Public
    2001-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:58:11.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
              },
              {
                "name": "3591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3591"
              },
              {
                "name": "twig-password-plaintext-cookie(7619)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7619.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default \"basic\" security setting\u0027 in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
            },
            {
              "name": "3591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3591"
            },
            {
              "name": "twig-password-plaintext-cookie(7619)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7619.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default \"basic\" security setting\u0027 in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
                },
                {
                  "name": "3591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3591"
                },
                {
                  "name": "twig-password-plaintext-cookie(7619)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7619.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1537",
        "datePublished": "2005-07-14T04:00:00.000Z",
        "dateReserved": "2005-07-14T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:58:11.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-24425 (GCVE-0-2026-24425)

    Vulnerability from cvelistv5 – Published: 2026-05-20 13:45 – Updated: 2026-05-20 15:44 X_Open Source
    VLAI
    Title
    Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
    Summary
    Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: 3.9.0 , < 3.26.0 (semver)
    Affected: 2.16.* (custom)
    Create a notification for this product.
    Date Public
    2026-05-20 00:00
    Credits
    Nicolò Ribaudo Fabien Potencier VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24425",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T15:43:54.656189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:33.359Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Twig",
              "repo": "https://github.com/twigphp/Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "lessThan": "3.26.0",
                  "status": "affected",
                  "version": "3.9.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.16.*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicol\u00f2 Ribaudo"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Fabien Potencier"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "datePublic": "2026-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTwig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.\u003c/p\u003e"
                }
              ],
              "value": "Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T13:45:43.338Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-2q52-x2ff-qgfr"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/twigphp/Twig/releases/tag/v3.26.0"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/twig-x-x-sandbox-bypass-via-sourcepolicyinterface"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Twig 2.16.x \u0026 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-24425",
        "datePublished": "2026-05-20T13:45:02.413Z",
        "dateReserved": "2026-01-22T20:23:19.801Z",
        "dateUpdated": "2026-05-20T15:44:33.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45411 (GCVE-0-2024-45411)

    Vulnerability from cvelistv5 – Published: 2024-09-09 18:20 – Updated: 2024-09-16 12:04
    VLAI
    Title
    Twig has a possible sandbox bypass
    Summary
    Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: > 1.0.0, < 1.44.8
    Affected: > 2.0.0, < 2.16.1
    Affected: > 3.0.0, < 3.14.0
    Create a notification for this product.
    symfony twig Affected: 1.0.0 , < 1.44.8 (custom)
    Affected: 2.0.0 , < 2.16.1 (custom)
    Affected: 3.0.0 , < 3.14.0 (custom)
        cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "twig",
                "vendor": "symfony",
                "versions": [
                  {
                    "lessThan": "1.44.8",
                    "status": "affected",
                    "version": "1.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2.16.1",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "3.14.0",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T18:37:50.091764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T18:39:52.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-16T12:04:18.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00031.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e 1.0.0, \u003c 1.44.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e 2.0.0, \u003c 2.16.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e 3.0.0, \u003c 3.14.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-09T18:20:28.363Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de"
            },
            {
              "name": "https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233"
            }
          ],
          "source": {
            "advisory": "GHSA-6j75-5wfj-gh66",
            "discovery": "UNKNOWN"
          },
          "title": "Twig has a possible sandbox bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45411",
        "datePublished": "2024-09-09T18:20:28.363Z",
        "dateReserved": "2024-08-28T20:21:32.805Z",
        "dateUpdated": "2024-09-16T12:04:18.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-39261 (GCVE-0-2022-39261)

    Vulnerability from cvelistv5 – Published: 2022-09-28 00:00 – Updated: 2025-04-23 16:54
    VLAI
    Title
    Twig may load a template outside a configured directory when using the filesystem loader
    Summary
    Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: => 1.0.0, < 1.44.7
    Affected: >= 2.0.0, < 2.15.3
    Affected: >= 3.0.0, < 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:00:43.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-016"
              },
              {
                "name": "DSA-5248",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5248"
              },
              {
                "name": "FEDORA-2022-4490a4772d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"
              },
              {
                "name": "FEDORA-2022-d39b2a755b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"
              },
              {
                "name": "FEDORA-2022-1695454935",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"
              },
              {
                "name": "FEDORA-2022-9d8ee4a6de",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"
              },
              {
                "name": "[debian-lts-announce] 20221011 [SECURITY] [DLA 3147-1] twig security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html"
              },
              {
                "name": "FEDORA-2022-c6fe3ebd94",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"
              },
              {
                "name": "FEDORA-2022-73b9fb7a77",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-39261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:50:56.522548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:54:59.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "=\u003e 1.0.0, \u003c 1.44.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.15.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates\u0027 directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33"
            },
            {
              "url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-016"
            },
            {
              "name": "DSA-5248",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5248"
            },
            {
              "name": "FEDORA-2022-4490a4772d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/"
            },
            {
              "name": "FEDORA-2022-d39b2a755b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/"
            },
            {
              "name": "FEDORA-2022-1695454935",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/"
            },
            {
              "name": "FEDORA-2022-9d8ee4a6de",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/"
            },
            {
              "name": "[debian-lts-announce] 20221011 [SECURITY] [DLA 3147-1] twig security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html"
            },
            {
              "name": "FEDORA-2022-c6fe3ebd94",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/"
            },
            {
              "name": "FEDORA-2022-73b9fb7a77",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/"
            }
          ],
          "source": {
            "advisory": "GHSA-52m2-vc4m-jj33",
            "discovery": "UNKNOWN"
          },
          "title": "Twig may load a template outside a configured directory when using the filesystem loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-39261",
        "datePublished": "2022-09-28T00:00:00.000Z",
        "dateReserved": "2022-09-02T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:54:59.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23614 (GCVE-0-2022-23614)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:25 – Updated: 2025-04-23 19:08
    VLAI
    Title
    Code injection in Twig
    Summary
    Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    twigphp Twig Affected: >= 3.0.0, < 3.3.8
    Affected: >= 2.0.0, < 2.14.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:46.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
              },
              {
                "name": "FEDORA-2022-167b9becef",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
              },
              {
                "name": "FEDORA-2022-47293b1d23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
              },
              {
                "name": "FEDORA-2022-7d871d7583",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
              },
              {
                "name": "FEDORA-2022-58abb323f0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
              },
              {
                "name": "DSA-5107",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5107"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:56:43.403255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T19:08:27.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Twig",
              "vendor": "twigphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.3.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.14.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-24T14:06:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
            },
            {
              "name": "FEDORA-2022-167b9becef",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
            },
            {
              "name": "FEDORA-2022-47293b1d23",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
            },
            {
              "name": "FEDORA-2022-7d871d7583",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
            },
            {
              "name": "FEDORA-2022-58abb323f0",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
            },
            {
              "name": "DSA-5107",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5107"
            }
          ],
          "source": {
            "advisory": "GHSA-5mv2-rx3q-4w2v",
            "discovery": "UNKNOWN"
          },
          "title": "Code injection in Twig",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-23614",
              "STATE": "PUBLIC",
              "TITLE": "Code injection in Twig"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Twig",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 3.0.0, \u003c 3.3.8"
                              },
                              {
                                "version_value": "\u003e= 2.0.0, \u003c 2.14.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "twigphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5"
                },
                {
                  "name": "FEDORA-2022-167b9becef",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/"
                },
                {
                  "name": "FEDORA-2022-47293b1d23",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/"
                },
                {
                  "name": "FEDORA-2022-7d871d7583",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/"
                },
                {
                  "name": "FEDORA-2022-58abb323f0",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/"
                },
                {
                  "name": "DSA-5107",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5107"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-5mv2-rx3q-4w2v",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-23614",
        "datePublished": "2022-02-04T22:25:11.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2025-04-23T19:08:27.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9942 (GCVE-0-2019-9942)

    Vulnerability from cvelistv5 – Published: 2019-03-23 14:31 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:08.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
              },
              {
                "name": "DSA-4419",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4419"
              },
              {
                "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Mar/60"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-01T07:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
            },
            {
              "name": "DSA-4419",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4419"
            },
            {
              "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Mar/60"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://symfony.com/blog/twig-sandbox-information-disclosure",
                  "refsource": "MISC",
                  "url": "https://symfony.com/blog/twig-sandbox-information-disclosure"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077"
                },
                {
                  "name": "DSA-4419",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4419"
                },
                {
                  "name": "20190331 [SECURITY] [DSA 4419-1] twig security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Mar/60"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9942",
        "datePublished": "2019-03-23T14:31:53.000Z",
        "dateReserved": "2019-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:08.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13818 (GCVE-0-2018-13818)

    Vulnerability from cvelistv5 – Published: 2018-07-10 14:00 – Updated: 2024-08-05 09:14 Disputed
    VLAI
    Summary
    Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
              },
              {
                "name": "44102",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44102/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/issues/2743"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-21T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
            },
            {
              "name": "44102",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44102/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twigphp/Twig/issues/2743"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-13818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/blob/2.x/CHANGELOG"
                },
                {
                  "name": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb"
                },
                {
                  "name": "44102",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44102/"
                },
                {
                  "name": "https://github.com/twigphp/Twig/issues/2743",
                  "refsource": "MISC",
                  "url": "https://github.com/twigphp/Twig/issues/2743"
                },
                {
                  "name": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20",
                  "refsource": "MISC",
                  "url": "https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-13818",
        "datePublished": "2018-07-10T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:14:47.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7809 (GCVE-0-2015-7809)

    Vulnerability from cvelistv5 – Published: 2015-11-06 21:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/twigphp/Twig/pull/1759"
              },
              {
                "name": "DSA-3343",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3343"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://symfony.com/blog/security-release-twig-1-20-0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
              },
              {
                "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
              },
              {
                "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-06T20:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/twigphp/Twig/pull/1759"
            },
            {
              "name": "DSA-3343",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3343"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://symfony.com/blog/security-release-twig-1-20-0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
            },
            {
              "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
            },
            {
              "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/twigphp/Twig/pull/1759",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/twigphp/Twig/pull/1759"
                },
                {
                  "name": "DSA-3343",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3343"
                },
                {
                  "name": "http://symfony.com/blog/security-release-twig-1-20-0",
                  "refsource": "CONFIRM",
                  "url": "http://symfony.com/blog/security-release-twig-1-20-0"
                },
                {
                  "name": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f"
                },
                {
                  "name": "[oss-security] 20151011 Re: CVE Request: twig remote code execution",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2015/10/11/2"
                },
                {
                  "name": "[oss-security] 20150821 CVE Request: twig remote code execution",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2015/08/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7809",
        "datePublished": "2015-11-06T21:00:00.000Z",
        "dateReserved": "2015-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1537 (GCVE-0-2001-1537)

    Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-08-08 04:58
    VLAI
    Summary
    The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/3591 vdb-entryx_refsource_BID
    http://www.iss.net/security_center/static/7619.php vdb-entryx_refsource_XF
    Date Public
    2001-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:58:11.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
              },
              {
                "name": "3591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3591"
              },
              {
                "name": "twig-password-plaintext-cookie(7619)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7619.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default \"basic\" security setting\u0027 in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
            },
            {
              "name": "3591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3591"
            },
            {
              "name": "twig-password-plaintext-cookie(7619)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7619.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default \"basic\" security setting\u0027 in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
                },
                {
                  "name": "3591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3591"
                },
                {
                  "name": "twig-password-plaintext-cookie(7619)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7619.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1537",
        "datePublished": "2005-07-14T04:00:00.000Z",
        "dateReserved": "2005-07-14T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:58:11.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }