CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.6%
Twig is an open source template language for PHP. When in a sandbox mode,
the arrow
parameter of the sort
filter must be a closure to avoid
attackers being able to run arbitrary PHP functions. In affected versions
this constraint was not properly enforced and could lead to code injection
of arbitrary PHP code. Patched versions now disallow calling non Closure in
the sort
filter as is the case for some other filters. Users are advised
to upgrade.
Author | Note |
---|---|
ccdm94 | advisory mentions that all versions greater than 2.0.0 and less than 2.14.11 are affected, however, there is no ‘arrow’ parameter implemented in bionic’s version of Twig. As per commit 330024b6, support for the ‘arrow’ function was only added in Twig 2.12. |
github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9
github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5
github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
launchpad.net/bugs/cve/CVE-2022-23614
nvd.nist.gov/vuln/detail/CVE-2022-23614
security-tracker.debian.org/tracker/CVE-2022-23614
ubuntu.com/security/notices/USN-5947-1
www.cve.org/CVERecord?id=CVE-2022-23614
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.6%