GHSA-jjxq-ff2g-95vh

Published: 06 Nov 2024
Source: github
GitHub: reviewed
CVSS4: 2.1
CVSS3: 2.2

Description

Twig has unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Description

In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the __isset() method is now called after the security check. This is a BC break.

Resolution

The sandbox mode now ensures access to array-like's properties is allowed.

The patch for this issue is available here for the 3.11.x branch, and here for the 3.x branch.
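The following regression check is an added example, not code from the advisory or from the Twig project. It assumes PHP 8 and a patched twig/twig release (3.11.2 or 3.14.1 and later) installed with Composer so that vendor/autoload.php exists; the Settings and LazyConfig classes are constructed stand-ins for the "array-like" and magic-property objects the advisory talks about. It renders three sandboxed templates against a SecurityPolicy that only allows one property, and confirms that an ArrayAccess offset not covered by the policy is denied and that __isset() is not reached before the policy check.

```php
<?php
// Added regression check (not from the advisory or the Twig project).
// Assumes PHP 8 and twig/twig >= 3.11.2 / >= 3.14.1, installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed "array-like" object: its offsets are reachable from a template
// as s.name, so the sandbox property policy has to cover them.
final class Settings implements ArrayAccess
{
    private array $data = ['title' => 'public title', 'secret' => 'do-not-leak'];

    public function offsetExists(mixed $offset): bool { return isset($this->data[$offset]); }
    public function offsetGet(mixed $offset): mixed { return $this->data[$offset] ?? null; }
    public function offsetSet(mixed $offset, mixed $value): void { $this->data[$offset] = $value; }
    public function offsetUnset(mixed $offset): void { unset($this->data[$offset]); }
}

// Constructed object with magic property access; it records every __isset()
// call so we can see whether the policy check happened before it.
final class LazyConfig
{
    public array $issetCalls = [];
    private array $data = ['secret' => 'do-not-leak'];

    public function __isset(string $name): bool
    {
        $this->issetCalls[] = $name;
        return isset($this->data[$name]);
    }

    public function __get(string $name): mixed { return $this->data[$name] ?? null; }
}

// Render under the sandbox; a SecurityError means the policy blocked the access.
function renderOrDeny(Environment $twig, string $template, array $context): string
{
    try {
        return $twig->createTemplate($template)->render($context);
    } catch (SecurityError $e) {
        return 'DENIED: ' . $e->getMessage();
    }
}

// Policy: only the "title" property of Settings may be read; nothing on LazyConfig.
$policy = new SecurityPolicy(
    [],                              // allowed tags
    ['escape'],                      // allowed filters (needed for autoescaping)
    [],                              // allowed methods
    [Settings::class => ['title']],  // allowed properties
    []                               // allowed functions
);

$twig = new Environment(new ArrayLoader());
$twig->addExtension(new SandboxExtension($policy, true)); // sandbox every template

$settings = new Settings();
$lazy = new LazyConfig();

echo renderOrDeny($twig, '{{ s.title }}', ['s' => $settings]), PHP_EOL;   // allowed by policy
echo renderOrDeny($twig, '{{ s.secret }}', ['s' => $settings]), PHP_EOL;  // DENIED on patched Twig
echo renderOrDeny($twig, '{{ c.secret }}', ['c' => $lazy]), PHP_EOL;      // DENIED on patched Twig

// On a patched release the property check runs first, so __isset() is never reached.
echo '__isset() calls on LazyConfig: ', count($lazy->issetCalls), PHP_EOL;
```

On an affected release the second line prints the secret instead of a denial, because the ArrayAccess branch of attribute lookup returned the offset without consulting the property policy; on a patched release both unlisted accesses are refused and the __isset() counter stays at zero. The policy deliberately lists properties per class, which is the BC break the advisory refers to: after upgrading, any offsets of ArrayAccess objects that templates legitimately read must be added to allowedProperties.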

Credits

We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.

Packages

Name: twig/twig (composer)
Affected versions: < 3.11.2
Fixed version: 3.11.2

Name: twig/twig (composer)
Affected versions: >= 3.12, < 3.14.1
Fixed version: 3.14.1

EPSS

Percentile: 30%
0.00112
Low

CVSS4: 2.1 Low

CVSS3: 2.2 Low

Weaknesses

CWE-668

Related vulnerabilities

CVSS3: 2.2
ubuntu
more than 1 year ago

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

CVSS3: 2.2
nvd
more than 1 year ago

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

CVSS3: 2.2
debian
more than 1 year ago

Twig is a template language for PHP. In a sandbox, an attacker can acc ...
