#VU102072 Protection Mechanism Failure in Twig - CVE-2024-45411

 


Published: December 30, 2024


Vulnerability identifier: #VU102072
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-45411
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Twig
Software vendor:
Symfony

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because sandbox security checks are not run under some circumstances. An attacker can bypass the sandbox restrictions.


Remediation

Install updates from the vendor's website.

External links