Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (2)
| Vulnerability |
Summary |
Aliases |
|
VCID-8921-71jv-uubp
|
Twig has unguarded calls to `__toString()` when nesting an object into an array
### Description
In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).
### Resolution
The sandbox mode now checks the `__toString()` method call on all objects.
The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/d4a302681bca9f7c6ce2835470d53609cdf3e23e) for the 3.x branch.
### Credits
We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.
|
CVE-2024-51754
GHSA-6377-hfv9-hqf6
|
|
VCID-zwzx-hces-hkfk
|
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
### Description
In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy.
They are now checked via the property policy and the `__isset()` method is now called after the security check.
**This is a BC break.**
### Resolution
The sandbox mode now ensures access to array-like's properties is allowed.
The patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch.
### Credits
We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.
|
CVE-2024-51755
GHSA-jjxq-ff2g-95vh
|