
Protection Mechanism Failure

CVE-2024-45411

Severity High
Score 8.6/10

Summary

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability affects twig/twig package versions through 1.44.7, 2.0.0 through 2.16.0, 3.0.0-BETA1 through 3.11.0, and 3.12.0 through 3.13.0.
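To check a project against the ranges listed above, the following added example (not code from the advisory or from the Twig project) scans a Composer lock file for `twig/twig` and compares the locked version with those ranges. The function names and the sample lock content are constructed for illustration, and the pre-release bound 3.0.0-BETA1 is assumed to compare as 3.0.0.

```python
import json
import re

# Affected twig/twig ranges as listed in the advisory summary (inclusive).
# Assumption: the pre-release bound 3.0.0-BETA1 is compared as 3.0.0, so any
# 3.0.0 pre-release is reported as affected.
AFFECTED = [
    ((0, 0, 0), (1, 44, 7)),
    ((2, 0, 0), (2, 16, 0)),
    ((3, 0, 0), (3, 11, 0)),
    ((3, 12, 0), (3, 13, 0)),
]

def parse_version(raw):
    """Return (major, minor, patch), or None for refs such as dev-main."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def is_affected(raw):
    """True/False for a parsable version, None when it cannot be judged."""
    version = parse_version(raw)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED)

def scan_lock(lock_text):
    """Return [(section, version, verdict)] for every twig/twig entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == "twig/twig":
                locked = pkg.get("version", "")
                findings.append((section, locked, is_affected(locked)))
    return findings

# Constructed sample lock file content (not taken from the advisory).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "symfony/console", "version": "v6.4.1"},
                 {"name": "twig/twig", "version": "v3.11.0"}],
    "packages-dev": [{"name": "phpunit/phpunit", "version": "10.5.2"}],
})

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not in listed ranges", None: "unknown"}
    for section, locked, verdict in scan_lock(SAMPLE_LOCK):
        print(f"{section}: twig/twig {locked}: {labels[verdict]}")
```

A hit matters most where the application relies on the Twig sandbox to render user-contributed templates, since that is the protection the summary says can be bypassed.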

  • LOW
  • NETWORK
  • HIGH
  • CHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-693 - Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Advisory Timeline

  • Published