| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |
| CVE-2019-9942 | 4.3 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 23-03-2019 - 11:29 | 23-03-2019 - 11:29 |
| CVE-2018-13818 | 7.5 | ** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications usin | 10-07-2018 - 10:29 | 10-07-2018 - 10:29 |
| CVE-2015-7809 | 6.8 | The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | 09-11-2015 - 14:55 | 06-11-2015 - 16:59 |