Описание
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | released | 3.3.8-2ubuntu4+esm2 |
| esm-apps/noble | released | 3.8.0-2ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needed | |
| noble | released | 3.8.0-2ubuntu1 |
| oracular | ignored | end of life, was needed |
| plucky | not-affected | |
| questing | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
Ссылки на источники
EPSS
8.5 High
CVSS3
Связанные уязвимости
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
Twig is a template language for PHP. Under some circumstances, the san ...
Уязвимость функции include() компилирующего обработчика шаблонов Twig, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
8.5 High
CVSS3