Package details: pkg:composer/twig/twig@1.38.0
purl pkg:composer/twig/twig@1.38.0
Next non-vulnerable version 3.11.2
Latest non-vulnerable version 3.19.0
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-6ygy-mamy-jkec
Aliases:
CVE-2024-45411
GHSA-6j75-5wfj-gh66
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
1.44.8
Affected by 2 other vulnerabilities.
2.16.1
Affected by 2 other vulnerabilities.
3.0.0-BETA1
Affected by 3 other vulnerabilities.
3.11.1
Affected by 2 other vulnerabilities.
3.14.0
Affected by 2 other vulnerabilities.
VCID-bcv4-ry3v-aaab
Aliases:
CVE-2022-39261
GHSA-52m2-vc4m-jj33
Twig may load a template outside a configured directory when using the filesystem loader
1.44.7
Affected by 4 other vulnerabilities.
2.15.3
Affected by 4 other vulnerabilities.
3.0.0-BETA1
Affected by 3 other vulnerabilities.
3.4.3
Affected by 4 other vulnerabilities.
VCID-e9bz-nz6b-sbab
Aliases:
CVE-2024-51755
GHSA-jjxq-ff2g-95vh
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
3.11.2
Affected by 0 other vulnerabilities.
3.14.1
Affected by 0 other vulnerabilities.
VCID-q1pp-7jby-aaas
Aliases:
GHSA-7cvr-xhm5-x998
Twig Path Traversal vulnerability in the filesystem loader. Twig is affected by a path traversal vulnerability when used with Twig_Loader_Filesystem for loading Twig templates, but only if the application is using non-trusted template names (names provided by an end-user, for instance). When affected, it is possible to go up one directory for the paths configured in the application's loader. For instance, if the filesystem loader is configured with `/path/to/templates` as a path to look for templates, an attacker can force Twig to include a file stored in `/path/to` by prepending the path with `/../`, as in `{% include "/../somefile_in_path_to" %}`. Note that using anything else (like `../somefile`, `/../../somefile`, or `../../somefile`) won't work and the application will return a proper exception.
There are no reported fixed by versions.
VCID-ydp7-f75t-27hn
Aliases:
CVE-2024-51754
GHSA-6377-hfv9-hqf6
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
3.11.2
Affected by 0 other vulnerabilities.
3.14.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-24vg-zmwt-aaam Sandbox Information Disclosure. 2019-03-12
VCID-2qfc-daza-aaap Sandbox Information Disclosure CVE-2019-9942
GHSA-vxrc-68xx-x48g
