CVE-2024-45411
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-45411
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45411.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-45411
- Aliases
- Related
- Published
- 2024-09-09T19:15:13Z
- Modified
- 2024-11-13T06:49:34.953439Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
- References
-
- https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66
- https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6
- https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de
- https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233
- https://security-tracker.debian.org/tracker/CVE-2024-45411
Affected packages
Debian:11 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Debian:12 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Debian:13 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.0-4
Git / github.com/twigphp/twig
Affected ranges
- Type
- GIT
- Repo
- https://github.com/twigphp/twig
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
v0.*
v0.9.0
v0.9.1
v0.9.10
v0.9.2
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.0.0-RC1
v1.0.0-RC2
v1.1.0
v1.1.0-RC1
v1.1.0-RC2
v1.1.0-RC3
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.1
v1.12.0
v1.12.0-RC1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.2.0-RC1
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.24.0
v1.24.1
v1.24.2
v1.25.0
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.29.0
v1.3.0
v1.3.0-RC1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.33.2
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.34.4
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.35.4
v1.36.0
v1.37.0
v1.37.1
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.1
v1.4.0
v1.4.0-RC1
v1.4.0-RC2
v1.40.0
v1.40.1
v1.41.0
v1.42.0
v1.42.1
v1.42.2
v1.42.3
v1.42.4
v1.42.5
v1.43.0
v1.43.1
v1.44.0
v1.44.1
v1.44.2
v1.44.3
v1.44.4
v1.44.5
v1.44.6
v1.44.7
v1.5.0
v1.5.0-RC1
v1.5.0-RC2
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.9.0
v1.9.1
v1.9.2
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.14.10
v2.14.11
v2.14.12
v2.14.13
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.14.9
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.15.5
v2.15.6
v2.16.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.1
v2.9.0
v3.*
v3.0.0
v3.0.0-BETA1
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.1.0
v3.1.1
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.12.0
v3.13.0
v3.2.1
v3.3.0
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.5.1
v3.6.0
v3.6.1
v3.7.0
v3.7.1
v3.8.0
v3.9.0
v3.9.1
v3.9.2
v3.9.3