Lucene search
GoogleOSV:DSA-3343-1HistoryAug 26, 2015 - 12:00 a.m.
twig - security update
2015-08-2600:00:00
Google
osv.dev
12
EPSS
0.072
Percentile
94.1%
James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier
discovered that twig, a templating engine for PHP, did not correctly
process its input. End users allowed to submit twig templates could
use specially crafted code to trigger remote code execution, even in
sandboxed templates.
For the stable distribution (jessie), this problem has been fixed in
version 1.16.2-1+deb8u1.
For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 1.20.0-1.
We recommend that you upgrade your twig packages.
References
Related
friendsofphp
friendsofphp
Remote code execution in templates
2015-08-12 15:53:50
github
github
Twig remote code execution in templates
2022-05-14 02:03:50
nvd
nvd
CVE-2015-7809
2015-11-06 21:59:12
openvas
openvas
Debian: Security Advisory (DSA-3343-1)
2015-08-25 00:00:00
Debian Security Advisory DSA 3343-1 (twig - security update)
2015-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2015-7809
2015-11-06 00:00:00
nessus
nessus
Debian DSA-3343-1 : twig - security update
2015-08-27 00:00:00
cvelist
cvelist
CVE-2015-7809
2015-11-06 21:00:00
veracode
veracode
Arbitrary Code Execution
2017-07-19 22:37:00
debiancve
debiancve
CVE-2015-7809
2015-11-06 21:59:12
freebsd
freebsd
pear-twig -- remote code execution
2015-08-12 00:00:00
prion
prion
Code injection
2015-11-06 21:59:00
cve
cve
CVE-2015-7809
2015-11-06 21:59:12