Search CVE reports
71 – 80 of 42760 results
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used as a mapping key...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed(), allowing a sandboxed template...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate() and Profile::getName() into HTML output without escaping, allowing attacker-controlled template or profile...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. From 3.15.0 until 3.26.0, _self.(<string>) and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute() with the sandbox argument hardcoded to false, disabling property and method policy checks and...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.26.0, {% sandbox %}{% include %} can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity(), allowing the cached template to use tags,...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML output as safe in...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP array_column(), which reads public and magic properties without reaching CoreExtension::getAttribute()...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. From 3.9.0 until 3.26.0, template_from_string() compiles an inner template under a synthesized __string_template__<hash> name that can fall outside a SourcePolicyInterface sandbox decision,...
1 affected package
php-twig
| Package | 20.04 LTS |
|---|---|
| php-twig | Needs evaluation |