Remote Code Execution Vulnerability in Twig by Sensio Labs
CVE-2015-7809

Currently unrated

Key Information:

Vendor: Symfony

Status
Vendor
CVE Published: 6 November 2015

What is CVE-2015-7809?

The vulnerability is in the displayBlock function of Template.php in Twig and affects versions prior to 1.20.0. When Sandbox mode is enabled, a remote attacker can execute arbitrary code by manipulating the _self variable within a template. Developers running an affected version should upgrade to 1.20.0 or later.
