GHSA-6377-hfv9-hqf6

Опубликовано: 06 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 2.1

CVSS3: 2.2

Описание

Twig has unguarded calls to __toString() when nesting an object into an array

Description

In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).

Resolution

The sandbox mode now checks the __toString() method call on all objects.

The patch for this issue is available here for the 3.11.x branch, and here for the 3.x branch.

Credits

We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.

Ссылки

Пакеты

Наименование

twig/twig

composer

Затронутые версииВерсия исправления

< 3.11.2

3.11.2

Наименование

twig/twig

composer

Затронутые версииВерсия исправления

>= 3.12, < 3.14.1

3.14.1

EPSS

Процентиль: 28%

0.00099

Низкий

2.1 Low

CVSS4

2.2 Low

CVSS3

CVE ID

CVE-2024-51754

Дефекты

CWE-668

Связанные уязвимости

CVE-2024-51754

CVSS3: 2.2

ubuntu

больше 1 года назад

Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

CVE-2024-51754

CVSS3: 2.2

nvd

больше 1 года назад

CVE-2024-51754

CVSS3: 2.2

debian

больше 1 года назад

Twig is a template language for PHP. In a sandbox, an attacker can cal ...

EPSS

Процентиль: 28%

0.00099

Низкий

2.1 Low

CVSS4

2.2 Low

CVSS3

CVE ID

CVE-2024-51754

Дефекты

CWE-668