GHSA-vxrc-68xx-x48g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vxrc-68xx-x48g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vxrc-68xx-x48g/GHSA-vxrc-68xx-x48g.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vxrc-68xx-x48g
- Aliases
- Published
- 2022-03-26T00:25:25Z
- Modified
- 2023-11-01T05:29:37.451991Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Twig Sandbox Information Disclosure
- Details
-
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the
__toString()method on an object even if not allowed by the security policy in place. - Database specific
{ "severity": "LOW", "cwe_ids": [ "CWE-200" ], "nvd_published_at": "2019-03-23T15:29:00Z", "github_reviewed_at": "2022-03-26T00:25:25Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-9942
- https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2019-9942.yaml
- https://github.com/twigphp/Twig
- https://seclists.org/bugtraq/2019/Mar/60
- https://symfony.com/blog/twig-sandbox-information-disclosure
- https://www.debian.org/security/2019/dsa-4419
Affected packages
Packagist / twig/twig
Package
- Name
- twig/twig
- Purl
- pkg:composer/twig/twig
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.38.0
Affected versions
1.*
1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
v1.*
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.9.0
v1.9.1
v1.9.2
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.1
v1.12.0-RC1
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.24.0
v1.24.1
v1.24.2
v1.25.0
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.29.0
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.33.2
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.34.4
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.35.4
v1.36.0
v1.37.0
v1.37.1
Packagist / twig/twig
Package
- Name
- twig/twig
- Purl
- pkg:composer/twig/twig