[pkg-php-pear] Bug#1081561: php-twig: CVE-2024-45411
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 12 20:13:47 BST 2024
Source: php-twig
Version: 3.8.0-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 3.5.1-1

Hi,

The following vulnerability was published for php-twig.

CVE-2024-45411[0]:
| Twig is a template language for PHP. Under some circumstances, the
| sandbox security checks are not run which allows user-contributed
| templates to bypass the sandbox restrictions. This vulnerability is
| fixed in 1.44.8, 2.16.1, and 3.14.0.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-45411
    https://www.cve.org/CVERecord?id=CVE-2024-45411
[1] https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66
[2] https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore