VulnerableCode Package Details - pkg:composer/twig/twig@3.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1au7-86r7-8qdn Aliases: CVE-2024-51754 GHSA-6377-hfv9-hqf6	Twig has unguarded calls to `__toString()` when nesting an object into an array ### Description In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ### Resolution The sandbox mode now checks the `__toString()` method call on all objects. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/d4a302681bca9f7c6ce2835470d53609cdf3e23e) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.	3.11.2 Affected by 0 other vulnerabilities. 3.14.1 Affected by 0 other vulnerabilities.
VCID-cd24-q2ys-yfbe Aliases: CVE-2024-51755 GHSA-jjxq-ff2g-95vh	Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled ### Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. ### Resolution The sandbox mode now ensures access to array-like's properties is allowed. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.	3.11.2 Affected by 0 other vulnerabilities. 3.14.1 Affected by 0 other vulnerabilities.
VCID-etje-vrfw-nbh4 Aliases: CVE-2024-45411 GHSA-6j75-5wfj-gh66	Twig has a possible sandbox bypass ### Description Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. The security issue happens when all these conditions are met: * The sandbox is disabled globally; * The sandbox is enabled via a sandboxed `include()` function which references a template name (like `included.twig`) and not a `Template` or `TemplateWrapper` instance; * The included template has been loaded before the `include()` call but in a non-sandbox context (possible as the sandbox has been globally disabled). ### Resolution The patch ensures that the sandbox security checks are always run at runtime. ### Credits We would like to thank Fabien Potencier for reporting and fixing the issue.	3.11.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.14.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1au7-86r7-8qdn
Aliases:
CVE-2024-51754
GHSA-6377-hfv9-hqf6

Twig has unguarded calls to `__toString()` when nesting an object into an array ### Description In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ### Resolution The sandbox mode now checks the `__toString()` method call on all objects. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/d4a302681bca9f7c6ce2835470d53609cdf3e23e) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.

3.11.2
Affected by 0 other vulnerabilities.

3.14.1
Affected by 0 other vulnerabilities.

VCID-cd24-q2ys-yfbe
Aliases:
CVE-2024-51755
GHSA-jjxq-ff2g-95vh

Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled ### Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. **This is a BC break.** ### Resolution The sandbox mode now ensures access to array-like's properties is allowed. The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch. ### Credits We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.

3.11.2
Affected by 0 other vulnerabilities.

3.14.1
Affected by 0 other vulnerabilities.

VCID-etje-vrfw-nbh4
Aliases:
CVE-2024-45411
GHSA-6j75-5wfj-gh66

Twig has a possible sandbox bypass ### Description Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. The security issue happens when all these conditions are met: * The sandbox is disabled globally; * The sandbox is enabled via a sandboxed `include()` function which references a template name (like `included.twig`) and not a `Template` or `TemplateWrapper` instance; * The included template has been loaded before the `include()` call but in a non-sandbox context (possible as the sandbox has been globally disabled). ### Resolution The patch ensures that the sandbox security checks are always run at runtime. ### Credits We would like to thank Fabien Potencier for reporting and fixing the issue.

3.11.1
Affected by 2 other vulnerabilities.

3.14.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:13:14.418547+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.4.0
2026-04-16T23:13:10.435588+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.4.0
2026-04-16T23:07:42.560302+00:00	GitLab Importer	Affected by	VCID-etje-vrfw-nbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml	38.4.0
2026-04-12T00:31:43.597502+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.3.0
2026-04-12T00:31:39.140949+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.3.0
2026-04-12T00:25:50.608273+00:00	GitLab Importer	Affected by	VCID-etje-vrfw-nbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml	38.3.0
2026-04-03T00:39:26.582639+00:00	GitLab Importer	Affected by	VCID-1au7-86r7-8qdn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml	38.1.0
2026-04-03T00:39:21.702441+00:00	GitLab Importer	Affected by	VCID-cd24-q2ys-yfbe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml	38.1.0
2026-04-03T00:33:28.958138+00:00	GitLab Importer	Affected by	VCID-etje-vrfw-nbh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml	38.1.0