CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

AI Score confidence: Low

EPSS percentile: 88.8%

Fabien Potencier discovered that Twig was not properly enforcing sandbox
policies when dealing with objects automatically cast to strings by PHP.
An attacker could possibly use this issue to expose sensitive information.
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-9942)

Marlon Starkloff discovered that Twig was not properly enforcing closure
constraints in some of its array filtering functions. An attacker could
possibly use this issue to execute arbitrary code. This issue was only
fixed in Ubuntu 20.04 ESM. (CVE-2022-23614)

Dariusz Tytko discovered that Twig was not properly verifying input data
utilized when defining pathnames used to access files in a system. An
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2022-39261)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | php-twig | < 3.3.8-2ubuntu4+esm1 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-cache-extra | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-cssinliner-extra | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-doc | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-extra-bundle | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-html-extra | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-inky-extra | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-intl-extra | < 3.3.8-2ubuntu4 | UNKNOWN |
Ubuntu | 22.04 | noarch | php-twig-markdown-extra | < 3.3.8-2ubuntu4 | UNKNOWN |