We found results for “”
CVE-2024-51755
Date: November 6, 2024
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the "__isset()" method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
Language: PHP
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Exposure of Resource to Wrong Sphere
CWE-668CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |
Vulnerabilities
Projects
Contact Us


