CVE-2024-51754
CVE-2024-51754
Título es
CVE-2024-51754
Mié, 06/11/2024 – 20:15
Tipo
CWE-668
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-51754
Descripción en
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
06/11/2024
06/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
2.20
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW
Referencias
Enviar en el boletín
Off
