CVE-2024-51755
CVE-2024-51755
Título es
CVE-2024-51755
Mié, 06/11/2024 – 20:15
Tipo
CWE-668
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-51755
Descripción en
Twig is a template language for PHP. In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
06/11/2024
06/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
2.20
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW
Referencias
Enviar en el boletín
Off
