EPSS
Percentile
65.2%
twig/twig is vulnerable to information disclosure. The __toString() function can be called on an object under certain circumstances despite having a security policy in place to restrict access to the resource.
__toString()
github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
github.com/twigphp/Twig/pull/2885
seclists.org/bugtraq/2019/Mar/60
symfony.com/blog/twig-sandbox-information-disclosure
www.debian.org/security/2019/dsa-4419