Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array

Description

In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).

Resolution

The sandbox mode now checks the __toString() method call on all objects.

The patch for this issue is available here for branch 3.x.

Credits

We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.

ghsa
#git#php
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-51754

Twig has unguarded calls to `__toString()` when nesting an object into an array

Low severity GitHub Reviewed Published Nov 6, 2024 in twigphp/Twig • Updated Nov 6, 2024

Package

Affected versions

< 3.11.2

>= 3.12, < 3.14.1

Patched versions

3.11.2

3.14.1

Description

In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).

Resolution

The sandbox mode now checks the __toString() method call on all objects.

The patch for this issue is available here for branch 3.x.

Credits

We would like to thank Jamie Schouten for reporting the issue and Fabien Potencier for providing the fix.

References

  • GHSA-6377-hfv9-hqf6
  • twigphp/Twig@2bb8c24

Published to the GitHub Advisory Database

Nov 6, 2024

ghsa: Latest News

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables