VulnerableCode Package Details - pkg:composer/twig/twig@3.14.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1au7-86r7-8qdn Aliases: CVE-2024-51754 GHSA-6377-hfv9-hqf6	Twig has unguarded calls to `__toString()` when nesting an object into an array ### Description In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ### Resolution The sandbox mode now checks the `__toString()` method call on all objects. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/d4a302681bca9f7c6ce2835470d53609cdf3e23e) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.	3.14.1 Affected by 0 other vulnerabilities.
VCID-cd24-q2ys-yfbe Aliases: CVE-2024-51755 GHSA-jjxq-ff2g-95vh	Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled ### Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. ### Resolution The sandbox mode now ensures access to array-like's properties is allowed. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.	3.14.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1au7-86r7-8qdn
Aliases:
CVE-2024-51754
GHSA-6377-hfv9-hqf6

Twig has unguarded calls to `__toString()` when nesting an object into an array ### Description In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ### Resolution The sandbox mode now checks the `__toString()` method call on all objects. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/d4a302681bca9f7c6ce2835470d53609cdf3e23e) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.

3.14.1
Affected by 0 other vulnerabilities.

VCID-cd24-q2ys-yfbe
Aliases:
CVE-2024-51755
GHSA-jjxq-ff2g-95vh

Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled ### Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. **This is a BC break.** ### Resolution The sandbox mode now ensures access to array-like's properties is allowed. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.

3.14.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-etje-vrfw-nbh4	Twig has a possible sandbox bypass ### Description Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. The security issue happens when all these conditions are met: * The sandbox is disabled globally; * The sandbox is enabled via a sandboxed `include()` function which references a template name (like `included.twig`) and not a `Template` or `TemplateWrapper` instance; * The included template has been loaded before the `include()` call but in a non-sandbox context (possible as the sandbox has been globally disabled). ### Resolution The patch ensures that the sandbox security checks are always run at runtime. ### Credits We would like to thank Fabien Potencier for reporting and fixing the issue.	CVE-2024-45411 GHSA-6j75-5wfj-gh66

Vulnerability

Summary

Aliases

VCID-etje-vrfw-nbh4

Twig has a possible sandbox bypass ### Description Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. The security issue happens when all these conditions are met: * The sandbox is disabled globally; * The sandbox is enabled via a sandboxed `include()` function which references a template name (like `included.twig`) and not a `Template` or `TemplateWrapper` instance; * The included template has been loaded before the `include()` call but in a non-sandbox context (possible as the sandbox has been globally disabled). ### Resolution The patch ensures that the sandbox security checks are always run at runtime. ### Credits We would like to thank Fabien Potencier for reporting and fixing the issue.

CVE-2024-45411
GHSA-6j75-5wfj-gh66

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:13:14.473413+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.4.0
2026-04-16T23:13:10.494836+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.4.0
2026-04-12T00:31:43.662213+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.3.0
2026-04-12T00:31:39.208335+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.3.0
2026-04-03T00:39:26.645210+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.1.0
2026-04-03T00:39:21.764260+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.1.0
2026-04-02T12:40:00.852465+00:00	GitLab Importer	Fixing	VCID-etje-vrfw-nbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml	38.0.0
2026-04-01T16:06:22.304676+00:00	GHSA Importer	Fixing	VCID-etje-vrfw-nbh4	https://github.com/advisories/GHSA-6j75-5wfj-gh66	38.0.0
2026-04-01T12:49:54.290385+00:00	GithubOSV Importer	Fixing	VCID-etje-vrfw-nbh4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6j75-5wfj-gh66/GHSA-6j75-5wfj-gh66.json	38.0.0