Package details: pkg:deb/debian/twig@1.16.2-1%2Bdeb8u1
purl: pkg:deb/debian/twig@1.16.2-1%2Bdeb8u1
Next non-vulnerable version: 2.7.5-4
Latest non-vulnerable version: 2.7.5-4
Risk: 4.4
Vulnerabilities affecting this package (4)

VCID-2qfc-daza-aaap
Aliases: CVE-2019-9942, GHSA-vxrc-68xx-x48g
Summary: Sandbox Information Disclosure
Fixed by: 1.24.0-2+deb9u1 (affected by 3 other vulnerabilities); 2.6.2-2 (affected by 1 other vulnerability)

VCID-61jk-7nam-aaaf
Aliases: CVE-2018-13818
Summary: ** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.
Fixed by: 2.6.2-2 (affected by 1 other vulnerability)

VCID-bcv4-ry3v-aaab
Aliases: CVE-2022-39261, GHSA-52m2-vc4m-jj33
Summary: Twig may load a template outside a configured directory when using the filesystem loader
Fixed by: 2.7.5-4 (affected by 0 other vulnerabilities)

VCID-yzvj-hyq6-aaar
Aliases: CVE-2015-7809, GHSA-xw83-pwrm-9j74
Summary: The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
Fixed by: 1.24.0-2+deb9u1 (affected by 3 other vulnerabilities)

Vulnerabilities fixed by this package (1)

VCID-yzvj-hyq6-aaar
Aliases: CVE-2015-7809, GHSA-xw83-pwrm-9j74
Summary: The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T16:55:35.972007+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:47:18.443250+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:31:30.742172+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:20:26.897430+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:50:00.981617+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T09:50:13.970967+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-20T23:37:26.465479+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab None 36.1.3
2025-06-20T22:01:00.742113+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf None 36.1.3
2025-06-20T20:15:30.944890+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar None 36.1.3
2025-06-20T19:56:29.840263+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap None 36.1.3
2025-06-20T19:45:33.813729+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar None 36.1.3
2025-06-08T09:40:44.434167+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:32:32.705848+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:30:38.773047+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:44:16.582697+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:25:46.259871+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T03:38:53.551977+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T17:00:23.129703+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab None 36.1.0
2025-06-07T15:24:35.717420+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf None 36.1.0
2025-06-07T13:55:31.238902+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar None 36.1.0
2025-06-07T13:46:48.141690+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap None 36.1.0
2025-06-07T13:37:40.342450+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar None 36.1.0
2025-04-08T08:13:09.366799+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:04:56.446270+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:01:56.641792+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:15:21.652487+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:55:44.628017+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:06:40.720926+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T15:33:35.179675+00:00 Debian Oval Importer Affected by VCID-bcv4-ry3v-aaab None 36.0.0
2025-04-07T13:55:53.723661+00:00 Debian Oval Importer Affected by VCID-61jk-7nam-aaaf None 36.0.0
2025-04-07T12:30:16.867391+00:00 Debian Oval Importer Affected by VCID-yzvj-hyq6-aaar None 36.0.0
2025-04-07T12:21:56.538719+00:00 Debian Oval Importer Affected by VCID-2qfc-daza-aaap None 36.0.0
2025-04-07T12:13:05.659297+00:00 Debian Oval Importer Fixing VCID-yzvj-hyq6-aaar None 36.0.0