Symfony Twig 0.9.7

CPE Details

Symfony Twig 0.9.7
symfony
twig
0.9.7
2018-09-06
11h33 +00:00
2018-09-06
11h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:symfony:twig:0.9.7:*:*:*:*:*:*:*

Informations

Vendor

symfony

Product

twig

Version

0.9.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-9942 2019-03-23 13h31 +00:00 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
3.7
Low
CVE-2018-13818 2018-07-10 12h00 +00:00 Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
9.8
Critical
CVE-2015-7809 2015-11-06 20h00 +00:00 The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
6.8
CVE-2001-1537 2005-07-14 02h00 +00:00 The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
7.5
High