Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-13818

Опубликовано: 10 июл. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
Версия до 2.4.4 (исключая)

EPSS

Процентиль: 67%
0.00536
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2018-13818

CVSS3: 9.8
ubuntu
больше 7 лет назад

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it

debian логотип

CVE-2018-13818

CVSS3: 9.8
debian
больше 7 лет назад

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...

github логотип

GHSA-rgff-87c8-rh44

CVSS3: 9.8
github
больше 3 лет назад

** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.

EPSS

Процентиль: 67%
0.00536
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94