PT-2024-34885 · Twig+3

Maantje · Published 2024-11-06 · Updated 2025-05-29 · CVE-2024-51754

CVSS v3.1: 2.2 (Low)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Twig versions prior to 3.11.2
Twig versions prior to 3.14.1

Description

In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list.

Recommendations

For versions prior to 3.11.2, upgrade to version 3.11.2 or later.
For versions prior to 3.14.1, upgrade to version 3.14.1 or later.

Exploit

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2024-51754
DLA-4186-1
GHSA-6377-HFV9-HQF6
USN-7456-1

Affected Products

Debian
Linuxmint
Twig
Ubuntu