GHSA-5mv2-rx3q-4w2v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5mv2-rx3q-4w2v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-5mv2-rx3q-4w2v/GHSA-5mv2-rx3q-4w2v.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-5mv2-rx3q-4w2v
- Aliases
- Published
- 2022-02-10T22:21:48Z
- Modified
- 2024-02-15T05:34:22.119618Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Code injection in Twig
- Details
-
Description
When in a sandbox mode, the
arrowparameter of thesortfilter must be a closure to avoid attackers being able to run arbitrary PHP functions.Resolution
We now disallow calling non Closure in the
sortfilter like we already did for some other filters.Credits
We would like to thank Marlon Starkloff for reporting the issue and Fabien Potencier for fixing the issue.
- Database specific
{ "nvd_published_at": "2022-02-04T23:15:00Z", "cwe_ids": [ "CWE-74", "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-02-07T16:43:09Z" }- References
-
- https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
- https://nvd.nist.gov/vuln/detail/CVE-2022-23614
- https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9
- https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-23614.yaml
- https://github.com/twigphp/Twig
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD
- https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter
- https://www.debian.org/security/2022/dsa-5107
Affected packages
Packagist / twig/twig
Package
- Name
- twig/twig
- Purl
- pkg:composer/twig/twig
Affected versions
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.1
v2.9.0
v2.10.0
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.14.9
v2.14.10
Packagist / twig/twig
Package
- Name
- twig/twig
- Purl
- pkg:composer/twig/twig