Описание
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
Ссылки
- Patch
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.5 High
CVSS3
8.6 High
CVSS3
Дефекты
Связанные уязвимости
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
Twig is a template language for PHP. Under some circumstances, the san ...
Уязвимость функции include() компилирующего обработчика шаблонов Twig, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
8.5 High
CVSS3
8.6 High
CVSS3