Twig · Twig · CVE-2026-24425
**Name of the Vulnerable Software and Affected Versions**
Twig versions 2.16.x
Twig versions 3.9.0 through 3.25.x
**Description**
A sandbox bypass exists when using a `SourcePolicyInterface`. This occurs because a runtime check fails to use the current template source, allowing attackers with template rendering capabilities to pass arbitrary PHP callables to the `sort`, `filter`, `map`, and `reduce` filters. This can lead to arbitrary code execution when the sandbox is enabled via a source policy instead of globally.
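The two configurations the description contrasts, as an added example that is not taken from the advisory or from the Twig project: a sandbox enabled per template through a `SourcePolicyInterface` (the affected configuration) beside a sandbox enabled globally. It assumes the Twig 3.x constructor signatures for `SandboxExtension` and `SecurityPolicy`; the template name, policy contents and allow-list are constructed for illustration, and updating to a fixed release remains the actual remediation.

```php
<?php
// Added example, not code from the advisory or from Twig itself.
// Assumes Twig 3.x: SandboxExtension($policy, bool $sandboxed = false, ?SourcePolicyInterface $sourcePolicy = null)
// and SecurityPolicy($tags, $filters, $methods, $properties, $functions).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SourcePolicyInterface;
use Twig\Source;

// Allow-list policy: no tags, a few harmless filters, no methods, properties or functions.
// 'sort', 'filter', 'map' and 'reduce' are deliberately absent from the allow-list.
$policy = new SecurityPolicy([], ['escape', 'length', 'upper'], [], [], []);

// Affected configuration: sandboxing is decided per template by a source policy,
// with the global flag left false. In the listed versions the runtime check did not
// consult the current template source, which is what allowed the bypass.
$sourcePolicy = new class implements SourcePolicyInterface {
    public function enableSandbox(Source $source): bool
    {
        // Constructed rule: only templates under "user/" are treated as untrusted.
        return str_starts_with($source->getName(), 'user/');
    }
};
$perSourceSandbox = new SandboxExtension($policy, false, $sourcePolicy);

// Configuration the advisory describes as not affected: the sandbox is enabled
// globally, so every rendered template is checked against the same policy.
$globalSandbox = new SandboxExtension($policy, true);

// Constructed sample template; the global sandbox is the one registered here.
$twig = new Environment(new ArrayLoader([
    'user/profile.html.twig' => 'Hello {{ name|upper }}',
]));
$twig->addExtension($globalSandbox);

echo $twig->render('user/profile.html.twig', ['name' => 'reader']), "\n";
```

Registering `$perSourceSandbox` instead of `$globalSandbox` reproduces the affected setup on an unpatched version; on a fixed release both registrations enforce the policy for sandboxed templates.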
**Recommendations**
Update Twig versions 2.16.x to a newer version containing the fix.
Update Twig versions 3.9.0 through 3.25.x to a newer version containing the fix.