Headline
GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array
Description
In a sandbox, an attacker can call __toString()
on an object even if the __toString()
method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).
Resolution
The sandbox mode now checks the __toString()
method call on all objects.
The patch for this issue is available here for branch 3.x.
Credits
We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-51754
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low severity GitHub Reviewed Published Nov 6, 2024 in twigphp/Twig • Updated Nov 6, 2024
Package
Affected versions
< 3.11.2
>= 3.12, < 3.14.1
Patched versions
3.11.2
3.14.1
Description
In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).
Resolution
The sandbox mode now checks the __toString() method call on all objects.
The patch for this issue is available here for branch 3.x.
Credits
We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.
References
- GHSA-6377-hfv9-hqf6
- twigphp/Twig@2bb8c24
Published to the GitHub Advisory Database
Nov 6, 2024