Twig · Twig · CVE-2025-24374
**Name of the Vulnerable Software and Affected Versions**
Twig versions prior to 3.19.0
**Description**
The issue concerns the Twig template language for PHP, where output escaping was missing when using the `??` operator, specifically for the expression on the left side of the operator.
**Recommendations**
For versions prior to 3.19.0, update to version 3.19.0 to resolve the issue.
As a temporary workaround, consider avoiding the use of the `??` operator until a patch is available.