Lucene search
GoogleOSV:GHSA-VXRC-68XX-X48GHistoryMar 26, 2022 - 12:25 a.m.
Twig Sandbox Information Disclosure
2022-03-2600:25:25
Google
osv.dev
13
twig
sandbox
information disclosure
security policy
EPSS
0.002
Percentile
65.2%
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
References
github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2019-9942.yaml
github.com/twigphp/Twig
github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
nvd.nist.gov/vuln/detail/CVE-2019-9942
seclists.org/bugtraq/2019/Mar/60
symfony.com/blog/twig-sandbox-information-disclosure
www.debian.org/security/2019/dsa-4419
Related
cvelist
cvelist
CVE-2019-9942
2019-03-23 14:31:53
github
github
Twig Sandbox Information Disclosure
2022-03-26 00:25:25
osv
osv
CVE-2019-9942
2019-03-23 15:29:00
twig - security update
2019-03-29 00:00:00
php-twig, twig vulnerabilities
2023-03-13 10:55:33
debian
debian
[SECURITY] [DSA 4419-1] twig security update
2019-03-29 15:50:07
[SECURITY] [DSA 4419-1] twig security update
2019-03-29 15:50:07
prion
prion
Information disclosure
2019-03-23 15:29:00
nvd
nvd
CVE-2019-9942
2019-03-23 15:29:00
ubuntucve
ubuntucve
CVE-2019-9942
2019-03-23 00:00:00
debiancve
debiancve
CVE-2019-9942
2019-03-23 15:29:00
openvas
openvas
Debian: Security Advisory (DSA-4419-1)
2019-03-28 00:00:00
Ubuntu: Security Advisory (USN-5947-1)
2023-03-13 00:00:00
nessus
nessus
Debian DSA-4419-1 : twig - security update
2019-04-01 00:00:00
friendsofphp
friendsofphp
Sandbox Information Disclosure
2019-03-12 12:35:01
veracode
veracode
Information Disclosure
2019-07-12 06:36:57
cve
cve
CVE-2019-9942
2019-03-23 15:29:00
ubuntu
ubuntu
Twig vulnerabilities
2023-03-13 00:00:00