VulnerableCode Package Details - pkg:deb/debian/twig@2.6.2-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-bcv4-ry3v-aaab Aliases: CVE-2022-39261 GHSA-52m2-vc4m-jj33	Twig may load a template outside a configured directory when using the filesystem loader	2.7.5-4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bcv4-ry3v-aaab
Aliases:
CVE-2022-39261
GHSA-52m2-vc4m-jj33

Twig may load a template outside a configured directory when using the filesystem loader

2.7.5-4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2qfc-daza-aaap	Sandbox Information Disclosure	CVE-2019-9942 GHSA-vxrc-68xx-x48g
VCID-61jk-7nam-aaaf	DISPUTED Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.	CVE-2018-13818

Vulnerability

Summary

Aliases

VCID-2qfc-daza-aaap

Sandbox Information Disclosure

CVE-2019-9942
GHSA-vxrc-68xx-x48g

VCID-61jk-7nam-aaaf

** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.

CVE-2018-13818

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T00:39:25.064804+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	36.1.3
2025-06-21T16:47:18.447666+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:31:30.747203+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:20:26.901626+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T23:37:26.469733+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	None	36.1.3
2025-06-20T23:08:46.865973+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	None	36.1.3
2025-06-20T22:01:00.746560+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	None	36.1.3
2025-06-08T09:32:32.708944+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:30:38.776667+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:44:16.585743+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T17:00:23.132745+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	None	36.1.0
2025-06-07T16:31:56.484904+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	None	36.1.0
2025-06-07T15:24:35.720943+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	None	36.1.0
2025-04-08T08:04:56.456697+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:01:56.651534+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:15:21.662589+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T15:33:35.191124+00:00	Debian Oval Importer	Affected by	VCID-bcv4-ry3v-aaab	None	36.0.0
2025-04-07T15:03:58.706577+00:00	Debian Oval Importer	Fixing	VCID-2qfc-daza-aaap	None	36.0.0
2025-04-07T13:55:53.733743+00:00	Debian Oval Importer	Fixing	VCID-61jk-7nam-aaaf	None	36.0.0
2025-04-05T19:37:56.395408+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	36.0.0
2025-02-19T01:27:34.039521+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	35.1.0
2024-11-21T23:04:08.431716+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	35.0.0
2024-11-19T22:08:29.981855+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.3.2
2024-10-08T23:14:35.667073+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.0.2
2024-09-18T11:31:05.277225+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.0.1
2024-04-24T12:27:42.733882+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.0.0rc4
2024-01-10T14:21:47.215463+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.0.0rc2
2024-01-04T05:19:37.747764+00:00	Debian Importer	Fixing	VCID-61jk-7nam-aaaf	None	34.0.0rc1

2025-06-22T00:39:25.064804+00:00

Debian Importer

Fixing

Next non-vulnerable version	2.7.5-4
Latest non-vulnerable version	2.7.5-4
Risk	4.0