Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/twig@1.16.2-1%2Bdeb8u1
purl pkg:deb/debian/twig@1.16.2-1%2Bdeb8u1
Next non-vulnerable version 1.24.0-2+deb9u1
Latest non-vulnerable version 1.24.0-2+deb9u1
Risk 1.9
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xscd-caaj-kqdk
Aliases:
CVE-2019-9942
GHSA-vxrc-68xx-x48g
Information Exposure Under some circumstances, it is possible to call the `__toString()` method on an object even if not allowed by the security policy in place.
1.24.0-2+deb9u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-4jwc-v1ar-q7ek Twig remote code execution in templates The `displayBlock` function `Template.php` in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the `_self` variable in a template. CVE-2015-7809
GHSA-xw83-pwrm-9j74

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T14:28:13.330051+00:00 Debian Oval Importer Affected by VCID-xscd-caaj-kqdk https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.4.0
2026-04-15T13:41:36.151405+00:00 Debian Oval Importer Fixing VCID-4jwc-v1ar-q7ek https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-11T14:16:33.412219+00:00 Debian Oval Importer Affected by VCID-xscd-caaj-kqdk https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.3.0
2026-04-11T13:30:18.367290+00:00 Debian Oval Importer Fixing VCID-4jwc-v1ar-q7ek https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-07T22:50:19.370908+00:00 Debian Oval Importer Affected by VCID-xscd-caaj-kqdk https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.1.0
2026-04-07T22:06:01.291368+00:00 Debian Oval Importer Fixing VCID-4jwc-v1ar-q7ek https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0