Protection Mechanism Failure in Twig - CVE-2024-45411

 


Published: December 30, 2024


Vulnerability identifier: #VU102072
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-45411
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Symfony
Affected software: Twig

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because sandbox security checks are not run under some circumstances. An attacker can bypass the sandbox restrictions.


How to mitigate CVE-2024-45411

Install updates from the vendor's website.
