Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
References
Configurations
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
27 Jun 2023, 02:39
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
18 Apr 2022, 19:34
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5107 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
First Time |
Debian
Debian debian Linux |
24 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 16:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject fedora
Fedoraproject |
|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/ - Mailing List, Third Party Advisory |
14 Feb 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Feb 2022, 13:58
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v - Third Party Advisory | |
References | (MISC) https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:* | |
First Time |
Symfony twig
Symfony |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
04 Feb 2022, 23:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-04 23:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23614
Mitre link : CVE-2022-23614
CVE.ORG link : CVE-2022-23614
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
symfony
- twig