VulnerableCode Package Details - pkg:composer/twig/twig@1.0.0

Search for packages

Package details: pkg:composer/twig/twig@1.0.0

Essentials
History (13)

purl	pkg:composer/twig/twig@1.0.0
Tags	Ghost

Next non-vulnerable version	3.11.2
Latest non-vulnerable version	3.19.0
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-6ygy-mamy-jkec Aliases: CVE-2024-45411 GHSA-6j75-5wfj-gh66	Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.	1.44.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.16.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.0-BETA1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.11.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.14.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bcv4-ry3v-aaab Aliases: CVE-2022-39261 GHSA-52m2-vc4m-jj33	Twig may load a template outside a configured directory when using the filesystem loader	1.44.7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.15.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.0-BETA1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q1pp-7jby-aaas Aliases: GHSA-7cvr-xhm5-x998	Twig Path Traversal vulnerability in the filesystem loader Twig is affected by path traversal vulnerability when used with Twig_Loader_Filesystem for loading Twig templates but only if the application is using non-trusted template names (names provided by a end-user for instance). When affected, it is possible to go up one directory for the paths configured in the application's loader. For instance, if the filesystem loader is configured with /path/to/templates as a path to look for templates, an attacker can force Twig to include a file stored in /path/to by prepending the path with /../ like in {% include "/../somefile_in_path_to" %} Note that using anything else (like ../somefile, /../../somefile, or ../../somefile) won’t work and the application will return a proper exception.	1.12.3 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rgu1-r63v-aaaq Aliases: 2013-04-08	Path Traversal Vulnerability in the filesystem loader.	1.12.3 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-29T10:48:45.391654+00:00	GHSA Importer	Affected by	VCID-bcv4-ry3v-aaab	None	36.0.0
2024-10-11T03:30:02.841380+00:00	GHSA Importer	Affected by	VCID-6ygy-mamy-jkec	https://github.com/advisories/GHSA-6j75-5wfj-gh66	34.0.2
2024-10-10T06:56:06.957678+00:00	GitLab Importer	Affected by	VCID-6ygy-mamy-jkec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml	34.0.2
2024-09-17T22:33:19.231700+00:00	GitLab Importer	Affected by	VCID-rgu1-r63v-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/2013-04-08.yml	34.0.1
2024-09-17T22:33:19.090617+00:00	GitLab Importer	Affected by	VCID-bcv4-ry3v-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2022-39261.yml	34.0.1
2024-09-17T22:33:18.968571+00:00	GitLab Importer	Affected by	VCID-q1pp-7jby-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml	34.0.1
2024-09-17T22:11:15.511912+00:00	GHSA Importer	Affected by	VCID-bcv4-ry3v-aaab	https://github.com/advisories/GHSA-52m2-vc4m-jj33	34.0.1
2024-09-17T22:07:37.367538+00:00	GHSA Importer	Affected by	VCID-q1pp-7jby-aaas	https://github.com/advisories/GHSA-7cvr-xhm5-x998	34.0.1
2024-09-17T22:07:14.124099+00:00	GHSA Importer	Affected by	VCID-6ygy-mamy-jkec	https://github.com/advisories/GHSA-6j75-5wfj-gh66	34.0.1
2024-05-30T16:46:58.319998+00:00	GHSA Importer	Affected by	VCID-q1pp-7jby-aaas	https://github.com/advisories/GHSA-7cvr-xhm5-x998	34.0.0rc4
2024-01-03T17:57:31.498573+00:00	GitLab Importer	Affected by	VCID-rgu1-r63v-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/2013-04-08.yml	34.0.0rc1
2024-01-03T17:57:31.360521+00:00	GitLab Importer	Affected by	VCID-bcv4-ry3v-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2022-39261.yml	34.0.0rc1
2024-01-03T17:42:57.414719+00:00	GHSA Importer	Affected by	VCID-bcv4-ry3v-aaab	https://github.com/advisories/GHSA-52m2-vc4m-jj33	34.0.0rc1