Описание
Twig remote code execution in templates
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7809
- https://github.com/twigphp/Twig/pull/1759
- https://github.com/twigphp/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2015-7809.yaml
- https://symfony.com/blog/security-release-twig-1-20-0
- http://openwall.com/lists/oss-security/2015/08/21/3
- http://openwall.com/lists/oss-security/2015/10/11/2
- http://symfony.com/blog/security-release-twig-1-20-0
- http://www.debian.org/security/2015/dsa-3343
Пакеты
Наименование
twig/twig
composer
Затронутые версииВерсия исправления
< 1.20.0
1.20.0
Связанные уязвимости
ubuntu
больше 10 лет назад
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
nvd
больше 10 лет назад
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
debian
больше 10 лет назад
The displayBlock function Template.php in Sensio Labs Twig before 1.20 ...