NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-51755

Summary	Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
Publication Date	Nov. 7, 2024, 5:15 a.m.
Registration Date	Nov. 7, 2024, noon
Last Update	Nov. 9, 2024, 4:01 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh
2	https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-668	誤った領域へのリソースの漏えい	https://cwe.mitre.org/data/definitions/668.html