Search for packages
Package details: pkg:composer/twig/twig@3.4.3
purl pkg:composer/twig/twig@3.4.3
Next non-vulnerable version 3.11.2
Latest non-vulnerable version 3.19.0
Risk 3.9
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-6ygy-mamy-jkec
Aliases:
CVE-2024-45411
GHSA-6j75-5wfj-gh66
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
3.11.1
Affected by 2 other vulnerabilities.
3.14.0
Affected by 2 other vulnerabilities.
VCID-e9bz-nz6b-sbab
Aliases:
CVE-2024-51755
GHSA-jjxq-ff2g-95vh
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
3.11.2
Affected by 0 other vulnerabilities.
3.14.1
Affected by 0 other vulnerabilities.
VCID-q1pp-7jby-aaas
Aliases:
GHSA-7cvr-xhm5-x998
Twig Path Traversal vulnerability in the filesystem loader Twig is affected by path traversal vulnerability when used with Twig_Loader_Filesystem for loading Twig templates but only if the application is using non-trusted template names (names provided by a end-user for instance). When affected, it is possible to go up one directory for the paths configured in the application's loader. For instance, if the filesystem loader is configured with /path/to/templates as a path to look for templates, an attacker can force Twig to include a file stored in /path/to by prepending the path with /../ like in {% include "/../somefile_in_path_to" %} Note that using anything else (like ../somefile, /../../somefile, or ../../somefile) won’t work and the application will return a proper exception. There are no reported fixed by versions.
VCID-ydp7-f75t-27hn
Aliases:
CVE-2024-51754
GHSA-6377-hfv9-hqf6
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
3.11.2
Affected by 0 other vulnerabilities.
3.14.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-bcv4-ry3v-aaab Twig may load a template outside a configured directory when using the filesystem loader CVE-2022-39261
GHSA-52m2-vc4m-jj33

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:11:15.546096+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 36.1.3
2025-06-20T17:11:15.057703+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 36.1.3
2025-06-20T17:07:33.952297+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 36.1.3
2025-06-20T17:01:15.609140+00:00 GitLab Importer Affected by VCID-q1pp-7jby-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml 36.1.3
2025-06-03T23:47:06.731074+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 36.1.0
2025-06-03T23:47:06.221563+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 36.1.0
2025-06-03T23:43:39.640071+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 36.1.0
2025-06-03T23:37:49.907170+00:00 GitLab Importer Affected by VCID-q1pp-7jby-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml 36.1.0
2025-06-02T23:45:38.511162+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 36.1.2
2025-06-02T23:45:38.008148+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 36.1.2
2025-06-02T23:42:00.010122+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 36.1.2
2025-06-02T23:35:56.042416+00:00 GitLab Importer Affected by VCID-q1pp-7jby-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml 36.1.2
2025-04-03T22:30:58.533321+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 36.0.0
2025-04-03T22:30:57.284793+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 36.0.0
2025-04-03T22:22:59.209494+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 36.0.0
2025-04-03T22:11:18.792021+00:00 GitLab Importer Affected by VCID-q1pp-7jby-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml 36.0.0
2025-03-29T10:48:45.341142+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab None 36.0.0
2025-02-18T04:14:11.854741+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 35.1.0
2025-02-18T04:14:10.628176+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 35.1.0
2025-02-18T04:08:06.483724+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 35.1.0
2025-02-18T01:09:27.423481+00:00 GitLab Importer Affected by VCID-q1pp-7jby-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/GHSA-7cvr-xhm5-x998.yml 35.1.0
2024-12-11T19:28:01.870662+00:00 GitLab Importer Affected by VCID-e9bz-nz6b-sbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51755.yml 35.0.0
2024-12-11T19:28:00.480761+00:00 GitLab Importer Affected by VCID-ydp7-f75t-27hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-51754.yml 35.0.0
2024-11-21T01:15:32.868626+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 35.0.0
2024-11-19T01:03:29.283772+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 34.3.2
2024-10-17T05:19:49.157872+00:00 GitLab Importer Affected by VCID-6ygy-mamy-jkec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2024-45411.yml 34.0.2
2024-10-15T19:04:33.877057+00:00 GithubOSV Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-52m2-vc4m-jj33/GHSA-52m2-vc4m-jj33.json 34.0.2
2024-10-07T22:21:41.338131+00:00 GHSA Importer Affected by VCID-6ygy-mamy-jkec https://github.com/advisories/GHSA-6j75-5wfj-gh66 34.0.2
2024-10-07T20:52:12.148880+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/advisories/GHSA-52m2-vc4m-jj33 34.0.2
2024-09-22T22:47:50.020302+00:00 GHSA Importer Affected by VCID-6ygy-mamy-jkec https://github.com/advisories/GHSA-6j75-5wfj-gh66 34.0.1
2024-09-18T09:17:01.958466+00:00 GithubOSV Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-52m2-vc4m-jj33/GHSA-52m2-vc4m-jj33.json 34.0.1
2024-09-17T22:33:19.186669+00:00 GitLab Importer Fixing VCID-bcv4-ry3v-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2022-39261.yml 34.0.1
2024-09-17T22:11:15.408658+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/advisories/GHSA-52m2-vc4m-jj33 34.0.1
2024-04-23T23:34:23.068800+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/advisories/GHSA-52m2-vc4m-jj33 34.0.0rc4
2024-04-23T23:34:18.359296+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab None 34.0.0rc4
2024-04-23T23:11:22.276159+00:00 GithubOSV Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-52m2-vc4m-jj33/GHSA-52m2-vc4m-jj33.json 34.0.0rc4
2024-01-10T01:34:33.006568+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/advisories/GHSA-52m2-vc4m-jj33 34.0.0rc2
2024-01-10T01:34:27.209493+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab None 34.0.0rc2
2024-01-03T17:57:31.455822+00:00 GitLab Importer Fixing VCID-bcv4-ry3v-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twig/twig/CVE-2022-39261.yml 34.0.0rc1
2024-01-03T17:42:57.311748+00:00 GHSA Importer Fixing VCID-bcv4-ry3v-aaab https://github.com/advisories/GHSA-52m2-vc4m-jj33 34.0.0rc1