Описание
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the __isset() method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
EPSS
2.2 Low
CVSS3
Дефекты
Связанные уязвимости
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
Twig is a template language for PHP. In a sandbox, an attacker can acc ...
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
EPSS
2.2 Low
CVSS3