CVE-2024-51754
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-51754
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51754.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-51754
- Aliases
- Related
- Published
- 2024-11-06T20:15:05Z
- Modified
- 2024-11-10T05:49:39.701174Z
- Summary
- [none]
- Details
-
Twig is a template language for PHP. In a sandbox, an attacker can call
__toString()on an object even if the__toString()method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue. - References
Affected packages
Debian:11 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.14.3-1
2.14.3-1+deb11u1
2.14.3-1+deb11u2
2.14.3-1+deb11u3
3.*
3.0.0~beta1-1
3.0.0-1
3.0.0-2
3.0.1-1
3.0.3-1
3.0.4-1
3.0.5-1
3.1.1-1
3.2.1-1
3.3.0-1
3.3.2-1
3.3.3-1
3.3.3-2~stage1
3.3.3-2
3.3.3-3
3.3.4-1
3.3.6-1
3.3.7-1
3.3.8-1
3.3.8-2
3.3.9-1
3.4.1-1
3.4.2-1
3.4.3-1
3.4.3-2
3.5.0-1
3.5.1-1~bpo11+1
3.5.1-1
3.6.0-1
3.6.1-1
3.7.0-1
3.7.1-1
3.7.1-2
3.7.1-3
3.8.0-1
3.8.0-2
3.8.0-3
3.8.0-4
3.9.3-1
3.10.1-1
3.10.3-1
3.11.0-1
3.13.0-1
3.14.0-1
3.14.0-2
3.14.0-3
3.14.0-4
3.14.2-1
3.14.2-2
Debian:12 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / php-twig
Package
- Name
- php-twig
- Purl
- pkg:deb/debian/php-twig?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.14.2-1
Git / github.com/twigphp/twig
Affected ranges
- Type
- GIT
- Repo
- https://github.com/twigphp/twig
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.9.0
v0.9.1
v0.9.10
v0.9.2
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.0.0-RC1
v1.0.0-RC2
v1.1.0
v1.1.0-RC1
v1.1.0-RC2
v1.1.0-RC3
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.1
v1.12.0
v1.12.0-RC1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.2.0-RC1
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.24.0
v1.24.1
v1.24.2
v1.25.0
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.29.0
v1.3.0
v1.3.0-RC1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.33.2
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.34.4
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.35.4
v1.36.0
v1.37.0
v1.37.1
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.1
v1.4.0
v1.4.0-RC1
v1.4.0-RC2
v1.40.0
v1.40.1
v1.41.0
v1.42.0
v1.42.1
v1.42.2
v1.42.3
v1.42.4
v1.42.5
v1.43.0
v1.43.1
v1.44.0
v1.44.1
v1.44.2
v1.44.3
v1.44.4
v1.44.5
v1.44.6
v1.5.0
v1.5.0-RC1
v1.5.0-RC2
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.9.0
v1.9.1
v1.9.2
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.14.10
v2.14.11
v2.14.12
v2.14.13
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.14.9
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.15.5
v2.15.6
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.1
v2.9.0
v3.*
v3.0.0
v3.0.0-BETA1
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.1.0
v3.1.1
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.12.0
v3.13.0
v3.14.0
v3.2.1
v3.3.0
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.5.1
v3.6.0
v3.6.1
v3.7.0
v3.7.1
v3.8.0
v3.9.0
v3.9.1
v3.9.2
v3.9.3