CVE-2019-9942

Published: 23/03/2019 | Updated: 05/04/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

A sandbox information disclosure exists in Twig prior to 1.38.0 and 2.x prior to 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.

Vulnerable Product

symfony twig

debian debian linux 9.0

Vendor Advisories

Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure. For the stable distribution (stretch), this problem has been fixed in version 1240-2+deb9u1. We recommend that you upgrade your twig packages. For the detailed security status of twig pleas ...