Protection Mechanism Failure in twigphp Twig



Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-45411
CWE-ID: CWE-693
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Twig (Web applications / CMS)
Vendor: Symfony

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Protection Mechanism Failure

EUVDB-ID: #VU102072

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45411

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because sandbox security checks are not run under some circumstances. An attacker can bypass the sandbox restrictions.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Twig: All versions

External links

https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


