Twig Template Engine Vulnerability Allows Sandbox Policy Bypass
A critical vulnerability in Twig versions 3.9.0 through 3.25.0 allows sandboxed templates to bypass security policy enforcement.
2 results for “php”
A critical vulnerability in Twig versions 3.9.0 through 3.25.0 allows sandboxed templates to bypass security policy enforcement.
A critical vulnerability in Twig versions prior to 3.26.0 allows attackers to inject arbitrary PHP code via crafted template names in {% use %} tags.