CVE-2018-13818 #2743
Comments
I don't know about this CVE, and Twig does not do anything with And the exploit https://www.exploit-db.com/exploits/44102/ linked on https://www.cvedetails.com/cve/CVE-2018-13818/ talks about accessing So I think this CVE was not tied to the right source. The issue was most probably in a different package (maybe using Twig among other things).

And the diff of 2.4.4 makes it even less likely that such a thing got fixed: v2.4.3...v2.4.4

@stof, have you attempted to reproduce https://www.exploit-db.com/exploits/44102/?

Same as @stof, this looks like an invalid or at least incomplete report. @bh-e there is no way to reproduce this: Twig is not a web app so you cannot hit it. It needs a webapp to wrap it. It's the responsibility of the webapp to do it properly. If you have more details about this CVE, we would be happy to try a reproducer.

@nicolas-grekas, @stof. I have contacted the exploit author via Twitter and his reply: https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20
CVE is disputed and missing information. Twig discussion shows there was never any fix to be made. twigphp/Twig#2743
Hello.
I couldn't find which change fixed CVE-2018-13818. Please help.