twig/twig Security Advisories for v1.11.1 (7)
-
[LOW] Unguarded calls to __toString() when nesting an object into an array
PKSA-yhcn-xrg3-68b1 CVE-2024-51754 GHSA-6377-hfv9-hqf6
Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
PKSA-2wrf-1xmk-1pky CVE-2024-51755 GHSA-jjxq-ff2g-95vh
Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Possible sandbox bypass
PKSA-6319-ffpf-gx66 CVE-2024-45411 GHSA-6j75-5wfj-gh66
Affected version: >=1.0.0,<1.44.7|>=2.0.0,<2.16.0|>=3.0.0,<3.11.0|>=3.12.0,<3.14.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Possibility to load a template outside a configured directory when using the filesystem loader
PKSA-n7sg-8f52-pqtf CVE-2022-39261 GHSA-52m2-vc4m-jj33
Affected version: >=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Sandbox Information Disclosure
PKSA-6cvh-gt46-wq7q CVE-2019-9942 GHSA-vxrc-68xx-x48g
Affected version: <1.38.0|>=2.0.0,<2.7.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Remote code execution in templates
PKSA-19rw-dqx2-75hc CVE-2015-7809 GHSA-xw83-pwrm-9j74
Affected version: <1.20.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Vulnerability in the filesystem loader
PKSA-g1zx-twcw-9z6k GHSA-7cvr-xhm5-x998
Affected version: >=1.0.0,<1.12.3
Reported by:
GitHub, FriendsOfPHP/security-advisories