CVE-2025-24374

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24374

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24374.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24374

Aliases

GHSA-3xg3-cgvq-2xwr

Related

UBUNTU-CVE-2025-24374

Published

2025-01-29T16:15:44Z

Modified

2025-02-01T05:47:43.555078Z

Summary

[none]

Details

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.

References

Affected packages

Debian:11 / php-twig

Package

Name: php-twig
Purl: pkg:deb/debian/php-twig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.14.3-1

2.14.3-1+deb11u1

2.14.3-1+deb11u2

2.14.3-1+deb11u3

3.*

3.0.0~beta1-1

3.0.0-1

3.0.0-2

3.0.1-1

3.0.3-1

3.0.4-1

3.0.5-1

3.1.1-1

3.2.1-1

3.3.0-1

3.3.2-1

3.3.3-1

3.3.3-2~stage1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.6-1

3.3.7-1

3.3.8-1

3.3.8-2

3.3.9-1

3.4.1-1

3.4.2-1

3.4.3-1

3.4.3-2

3.5.0-1

3.5.1-1~bpo11+1

3.5.1-1

3.6.0-1

3.6.1-1

3.7.0-1

3.7.1-1

3.7.1-2

3.7.1-3

3.8.0-1

3.8.0-2

3.8.0-3

3.8.0-4

3.9.3-1

3.10.1-1

3.10.3-1

3.11.0-1

3.13.0-1

3.14.0-1

3.14.0-2

3.14.0-3

3.14.0-4

3.14.2-1

3.14.2-2

3.14.2-3

3.15.0-1

3.15.0-2

3.17.1-1

3.17.1-2

3.18.0-1

3.18.0-2

3.18.0-4

3.18.0-5

3.18.0-6

3.18.0-7

3.19.0-1~bootstrap

3.19.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / php-twig

Package

Name: php-twig
Purl: pkg:deb/debian/php-twig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.1-1

3.5.1-1+deb12u1

3.6.0-1

3.6.1-1

3.7.0-1

3.7.1-1

3.7.1-2

3.7.1-3

3.8.0-1

3.8.0-2

3.8.0-3

3.8.0-4

3.9.3-1

3.10.1-1

3.10.3-1

3.11.0-1

3.13.0-1

3.14.0-1

3.14.0-2

3.14.0-3

3.14.0-4

3.14.2-1

3.14.2-2

3.14.2-3

3.15.0-1

3.15.0-2

3.17.1-1

3.17.1-2

3.18.0-1

3.18.0-2

3.18.0-4

3.18.0-5

3.18.0-6

3.18.0-7

3.19.0-1~bootstrap

3.19.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / php-twig

Package

Name: php-twig
Purl: pkg:deb/debian/php-twig?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.19.0-1~bootstrap

Affected versions

3.*

3.5.1-1

3.6.0-1

3.6.1-1

3.7.0-1

3.7.1-1

3.7.1-2

3.7.1-3

3.8.0-1

3.8.0-2

3.8.0-3

3.8.0-4

3.9.3-1

3.10.1-1

3.10.3-1

3.11.0-1

3.13.0-1

3.14.0-1

3.14.0-2

3.14.0-3

3.14.0-4

3.14.2-1

3.14.2-2

3.14.2-3

3.15.0-1

3.15.0-2

3.17.1-1

3.17.1-2

3.18.0-1

3.18.0-2

3.18.0-4

3.18.0-5

3.18.0-6

3.18.0-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/twigphp/twig

Affected ranges

Type: GIT
Repo: https://github.com/twigphp/twig
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

38576b12f05df3cc871bf68f39ccb46b418334a3

Affected versions

v0.*

v0.9.0

v0.9.1

v0.9.10

v0.9.2

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.0-RC1

v1.0.0-RC2

v1.1.0

v1.1.0-RC1

v1.1.0-RC2

v1.1.0-RC3

v1.1.1

v1.1.2

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.11.0

v1.11.1

v1.12.0

v1.12.0-RC1

v1.12.1

v1.12.2

v1.12.3

v1.13.0

v1.13.1

v1.13.2

v1.14.0

v1.14.1

v1.14.2

v1.15.0

v1.15.1

v1.16.0

v1.16.1

v1.16.2

v1.16.3

v1.17.0

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.2.0

v1.2.0-RC1

v1.20.0

v1.21.0

v1.21.1

v1.21.2

v1.22.0

v1.22.1

v1.22.2

v1.22.3

v1.23.0

v1.23.1

v1.23.2

v1.23.3

v1.24.0

v1.24.1

v1.24.2

v1.25.0

v1.26.0

v1.26.1

v1.27.0

v1.28.0

v1.28.1

v1.28.2

v1.29.0

v1.3.0

v1.3.0-RC1

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.33.1

v1.33.2

v1.34.0

v1.34.1

v1.34.2

v1.34.3

v1.34.4

v1.35.0

v1.35.1

v1.35.2

v1.35.3

v1.35.4

v1.36.0

v1.37.0

v1.37.1

v1.38.0

v1.38.1

v1.38.2

v1.38.3

v1.38.4

v1.39.0

v1.39.1

v1.4.0

v1.4.0-RC1

v1.4.0-RC2

v1.40.0

v1.40.1

v1.41.0

v1.42.0

v1.42.1

v1.42.2

v1.42.3

v1.42.4

v1.42.5

v1.43.0

v1.43.1

v1.44.0

v1.44.1

v1.44.2

v1.44.3

v1.44.4

v1.44.5

v1.44.6

v1.5.0

v1.5.0-RC1

v1.5.0-RC2

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.7.0

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.9.0

v1.9.1

v1.9.2

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.13.0

v2.13.1

v2.14.0

v2.14.1

v2.14.10

v2.14.11

v2.14.12

v2.14.13

v2.14.2

v2.14.3

v2.14.4

v2.14.5

v2.14.6

v2.14.7

v2.14.8

v2.14.9

v2.15.0

v2.15.1

v2.15.2

v2.15.3

v2.15.4

v2.15.5

v2.15.6

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.5.0

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.8.0

v2.8.1

v2.9.0

v3.*

v3.0.0

v3.0.0-BETA1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.1.0

v3.1.1

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.12.0

v3.13.0

v3.14.0

v3.14.1

v3.14.2

v3.15.0

v3.16.0

v3.17.0

v3.17.1

v3.18.0

v3.2.1

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.7.0

v3.7.1

v3.8.0

v3.9.0

v3.9.1

v3.9.2

v3.9.3