Vulnerability DatabaseCVE-2024-45411
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-45411
September 09, 2024
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
Related Resources (9)
https://symfony.com/blog/twig-security-release-possible-sandbox-bypass
https://nvd.nist.gov/vuln/detail/CVE-2024-45411
https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-45411.yaml
https://github.com/twigphp/Twig
https://github.com/twigphp/Twig/commit/41103dcdc2daab4c83cdd05b5b4fde5b7e41e635
https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de
Do you need more information?
Contact Us
CVSS v4
Base Score:
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Protection Mechanism Failure
CWE-693
EPSS
Base Score:
0.14