PT-2015-7622 · Sensio · Twig

Fabpot · Published 2015-08-26 · Updated 2022-05-14 · CVE-2015-7809

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sensio Labs Twig versions prior to 1.20.0

Description: The issue allows remote attackers to execute arbitrary code via the self variable in a template when Sandbox mode is enabled. This is related to the displayBlock function in Template.php.

Recommendations: For versions prior to 1.20.0, update to version 1.20.0 or later to resolve the issue. As a temporary workaround, consider disabling the displayBlock function or restricting the use of the self variable in templates until a patch is available. Restrict access to the Template.php file to minimize the risk of exploitation.

Exploit · Fix

RCE · Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2015-7809
DSA-3343-1
GHSA-XW83-PWRM-9J74

Affected Products

Twig