CVE-2015-7809
N/A
N/A
Summary
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/twigphp/Twig/pull/1759
- http://www.debian.org/security/2015/dsa-3343
- http://symfony.com/blog/security-release-twig-1-20-0
- https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
- http://openwall.com/lists/oss-security/2015/10/11/2
- http://openwall.com/lists/oss-security/2015/08/21/3
References
- https://github.com/twigphp/Twig/pull/1759
- http://www.debian.org/security/2015/dsa-3343
- http://symfony.com/blog/security-release-twig-1-20-0
- https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
- http://openwall.com/lists/oss-security/2015/10/11/2
- http://openwall.com/lists/oss-security/2015/08/21/3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.