twig/twig is vulnerable to Exposed Dangerous Method or Function
21
Low Risk
Affected versions of the package may expose restricted functions due to improper sandboxing. In sandbox mode, an attacker could call the __toString() method on an object even if __toString() is restricted by the security policy. This could lead to unauthorized access to sensitive data or allow the execution of malicious code, depending on what the __toString() method reveals about the object or its internal state.
You are affected if you are using a version that falls within the vulnerable range.
twig/twig is vulnerable to Exposed Dangerous Method or Function in versions 1.38.0 - 3.14.0.
Upgrade the twig/twig library to a patched version.
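One way to check a project against the range stated above, as an added example that is not part of the original advisory or of Twig's own code: it reads a composer.lock and flags twig/twig entries from 1.38.0 through 3.14.0. Treating both bounds as inclusive is an assumption, and the sample lock file is constructed.

```python
import json
import re

PACKAGE = "twig/twig"
# Range as stated in the advisory; treating both bounds as inclusive is an assumption.
VULN_MIN, VULN_MAX = (1, 38, 0), (3, 14, 0)

def parse_version(raw):
    """Return (major, minor, patch) for a stable version string, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?", raw.strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None

def status_for(raw):
    """Classify one version string against the advisory's range."""
    ver = parse_version(raw)
    if ver is None:
        return "unknown"  # dev branches, pre-releases: review by hand
    return "vulnerable" if VULN_MIN <= ver <= VULN_MAX else "not in range"

def check_lock(lock_text):
    """Return (section, version, status) for each twig/twig entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                raw = pkg.get("version", "")
                findings.append((section, raw, status_for(raw)))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "twig/twig", "version": "v3.14.0"},
        {"name": "psr/log", "version": "3.0.0"},
    ],
    "packages-dev": [{"name": "twig/twig", "version": "3.x-dev"}],
})

if __name__ == "__main__":
    for section, version, status in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {status}")
```

Entries reported as "unknown" (branch aliases, pre-releases) are not compared against the range and need a manual look at the resolved commit.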