GHSA-jjxq-ff2g-95vh: Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

Description

In a sandbox, an attacker can access attributes of array-like objects because those accesses were not checked by the security policy. They are now checked via the property policy, and the `__isset()` method is now called only after the security check. This is a BC break.

Resolution

The sandbox mode now checks that access to the properties of array-like objects is allowed by the security policy.

The patch for this issue is available here for branch 3.11.x.
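To check that an installed Twig release enforces the property policy on array-like objects, an added example (not code from the advisory or the Twig project; the `ArrayLikeRecord` class, its data and the template names are constructed for the demonstration, and a Composer autoloader at `vendor/autoload.php` is assumed):

```php
<?php
// Added example, not Twig project code: checks that a sandboxed environment
// refuses attribute access on an ArrayAccess object unless the property policy
// allows it. Class and property names are constructed for the demonstration.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed array-like object: `record.x` in a template goes through ArrayAccess.
final class ArrayLikeRecord implements ArrayAccess
{
    private array $data = ['public_name' => 'widget', 'secret_token' => 'keep-out'];
    public function offsetExists(mixed $offset): bool { return isset($this->data[$offset]); }
    public function offsetGet(mixed $offset): mixed { return $this->data[$offset]; }
    public function offsetSet(mixed $offset, mixed $value): void { $this->data[$offset] = $value; }
    public function offsetUnset(mixed $offset): void { unset($this->data[$offset]); }
}

// Policy: only 'public_name' may be read on ArrayLikeRecord; nothing else is allowed.
$policy = new SecurityPolicy(
    [],                                           // allowed tags
    [],                                           // allowed filters
    [],                                           // allowed methods
    [ArrayLikeRecord::class => ['public_name']],  // allowed properties
    [],                                           // allowed functions
);

$twig = new Environment(new ArrayLoader([
    'allowed' => '{{ record.public_name }}',
    'denied'  => '{{ record.secret_token }}',
]));
$twig->addExtension(new SandboxExtension($policy, true)); // true: sandbox every template

// Renders one template against a fresh record and reports whether the sandbox let it through.
function renderUnderPolicy(Environment $twig, string $template): string
{
    try {
        $twig->render($template, ['record' => new ArrayLikeRecord()]);
        return 'allowed';
    } catch (SecurityError) {
        return 'denied';
    }
}

printf("public_name: %s\n", renderUnderPolicy($twig, 'allowed'));
printf("secret_token: %s\n", renderUnderPolicy($twig, 'denied'));
```

On a patched release the second line reports `denied`, because the property policy is consulted before the array access. On an affected release the ArrayAccess path skips the policy and the value is rendered, which is the behaviour the advisory describes.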

Credits

We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.

CVE-2024-51755 (GitHub Advisory Database, GitHub Reviewed)


Low severity. GitHub Reviewed. Published Nov 6, 2024 in twigphp/Twig.

Package

Affected versions

  • < 3.11.2
  • >= 3.12, < 3.14.1

Patched versions

  • 3.11.2
  • 3.14.1


References

  • GHSA-jjxq-ff2g-95vh
  • twigphp/Twig@831c148

Published to the GitHub Advisory Database

Nov 6, 2024
