You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Twig, the flexible, fast, and secure template language for PHP
path: null
Dependency Hierarchy:
twig/extensions-v1.5.4 (Root Library)
❌ twig/twig-v1.35.4 (Vulnerable Library)
Vulnerability Details
** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.
CVE-2018-13818 - High Severity Vulnerability
Twig, the flexible, fast, and secure template language for PHP
path: null
Dependency Hierarchy:
** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.
Publish Date: 2018-07-10
URL: CVE-2018-13818
Base Score Metrics:
Type: Change files
Origin: twigphp/Twig@eddb971
Release Date: 2017-09-27
Fix Resolution: Replace or update the following file: Environment.php
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: