CVE-2024-51754 – Twig Template Language Object wrapping Sandbox Escalation

11月 6, 2024
9:16 pm

CVE ID : CVE-2024-51754

Published : Nov. 6, 2024, 8:15 p.m. | 1 hour, 1 minute ago

Description : Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

Severity: 2.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-51754 – Twig Template Language Object wrapping Sandbox Escalation

Elvescore.io

Recent Posts

CVE-2024-48197 – Audiocodes MP-202b Cross Site Scripting Privilege Escalation

CVE-2024-56199 – phpMyFAQ HTML Injection Vulnerability

CVE-2025-0173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

CVE-2024-11716 – CTFd Team Bracket Reassignment Vulnerability ( Privilege Escalation )

CVE-2024-11717 – CTFd TokenForgeable Authentication

CVE-2022-45811 – WeyHan Ng Post Teaser Missing Authorization

CVE-2024-51754 – Twig Template Language Object wrapping Sandbox Escalation

CVE-2024-51754 – Twig Template Language Object wrapping Sandbox Escalation