CVE-2025-24374

Опубликовано: 29 янв. 2025

Источник: debian

EPSS Низкий

Описание

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
php-twig	fixed	3.19.0-1~bootstrap		package
php-twig	no-dsa		bookworm	package
php-twig	ignored		bullseye	package
twig	removed			package

Примечания

https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr
https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3 (v3.19.0)

EPSS

Процентиль: 35%

0.00141

Низкий

Связанные уязвимости

CVE-2025-24374

CVSS3: 4.3

ubuntu

около 1 года назад

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.

CVE-2025-24374

CVSS3: 4.3

nvd

около 1 года назад

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.

GHSA-3xg3-cgvq-2xwr

CVSS3: 4.3

github

около 1 года назад

Twig security issue where escaping was missing when using null coalesce operator

EPSS

Процентиль: 35%

0.00141

Низкий