Protection Mechanism Failure
CVE-2024-45411
Summary
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability affects twig/twig package versions through 1.44.7, 2.0.0 through 2.16.0, 3.0.0-BETA1 through 3.11.0, and 3.12.0 through 3.13.0.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- NONE
- NONE
CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
References
Advisory Timeline
- Published