A sandbox information disclosure exists in Twig prior to 1.38.0 and 2.x prior to 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
symfony twig |
||
debian debian linux 9.0 |