IDCVSSSummaryLast (major) updatePublished
CVE-2018-13818 7.5
** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications usin
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2015-7809 6.8
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
09-11-2015 - 14:55 06-11-2015 - 16:59
Back to Top Mark selected
Back to Top