SB2024110669 - Multiple vulnerabilities in Twig

Description

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control (CVE-ID: CVE-2024-51754)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the sandbox when processing objects in an array or an argument list. A remote privileged user can place an object in an array or argument list to disclose sensitive information.

The issue occurs when __toString() is invoked even though that method is not allowed by the security policy.

2) Improper access control (CVE-ID: CVE-2024-51755)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the sandbox attribute access handling when processing attributes of array-like objects. A remote privileged user can access attributes of array-like objects that are not checked by the security policy to disclose sensitive information.

Remediation

Install update from vendor's website.

References

• https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6
• https://github.com/twigphp/Twig/commit/cafc608ece310e62a35a76f17e25c04ab9ed05cc
• https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh
• https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d