Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox

Affected versions

Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.

The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.
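The advisory states its affected ranges in the compact notation Symfony's advisories share: alternatives separated by ";", comparisons that must all hold within one range separated by ",". The script below is an added example, not code from the advisory or from the Twig project: it parses that notation and reports whether the twig/twig version locked in a composer.lock falls inside the affected ranges. The composer.lock content is constructed sample data, and dropping a pre-release suffix (treating 3.14.1-RC1 as 3.14.1) is an assumption of the script, not something the advisory says.

```python
"""Check which locked twig/twig version falls inside an advisory's affected ranges.

Added example; not code from the Symfony advisory or from the Twig project.
Constraint syntax assumed from the advisory text: ";" separates alternative
ranges, "," separates comparisons that must all hold within one range.
"""
import json
import operator
import re

# Affected ranges exactly as the advisory states them for CVE-2024-51755.
TWIG_AFFECTED = "<3.11.2; >=3.12,<3.14.1"

_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "=": operator.eq}
_CLAUSE_RE = re.compile(r"^(<=|>=|<|>|=)?\s*v?(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'v3.14.0' -> (3, 14, 0); '3.12' is padded to (3, 12, 0) so that
    '>=3.12' matches 3.12.0.  Assumption: a suffix such as '-RC1' is dropped,
    so a pre-release is treated as the final version it precedes."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_constraint(constraint):
    """'<3.11.2; >=3.12,<3.14.1' -> [[(lt, (3,11,2))], [(ge, (3,12,0)), (lt, (3,14,1))]]."""
    alternatives = []
    for alt in constraint.split(";"):
        clauses = []
        for clause in alt.split(","):
            m = _CLAUSE_RE.match(clause.strip())
            if m is None:
                raise ValueError(f"unrecognised constraint clause: {clause!r}")
            clauses.append((_OPS[m.group(1) or "="], parse_version(m.group(2))))
        alternatives.append(clauses)
    return alternatives


def is_affected(version, constraint=TWIG_AFFECTED):
    """True if `version` satisfies every comparison of at least one alternative."""
    v = parse_version(version)
    return any(all(op(v, bound) for op, bound in alt)
               for alt in parse_constraint(constraint))


def locked_version(composer_lock_json, package="twig/twig"):
    """Locked version string of `package` from composer.lock text, or None if absent."""
    data = json.loads(composer_lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == package:
                return pkg["version"]
    return None


def check_lock(composer_lock_json, constraint=TWIG_AFFECTED, package="twig/twig"):
    """None if the package is not locked, else whether the locked version is affected."""
    version = locked_version(composer_lock_json, package)
    return None if version is None else is_affected(version, constraint)


# Constructed sample composer.lock (trimmed to the fields this check reads).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/http-foundation", "version": "v7.1.7"},
        {"name": "twig/twig", "version": "v3.13.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    import sys
    lock_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print("twig/twig", locked_version(lock_text), "affected:", check_lock(lock_text))
```

Run it as `python check_twig.py /path/to/composer.lock`; without an argument it checks the embedded sample. Because the parser handles the general notation, the same `is_affected` call works with the ranges quoted in other advisories on this page, such as the Security-Http ranges for CVE-2024-51996.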

Description

In a sandbox,…

Full advisory: https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Created 9d ago | 6 Nov 2024, 19:50:22



Other posts in this group

New in Symfony 7.2: Redesigned TypeInfo Component

Contributed by Mathias Arlaud in

15 Nov 2024, 10:30:25 | Symfony

SymfonyOnline January 2025 is coming up soon - join us online!

SymfonyOnline January 2025 is coming up soon, running on January 16-17, and it’s going to be a great two-day online conference! Get ready for top-notch insights, inspiring schedule & speake

14 Nov 2024, 18:21:35 | Symfony

New in Symfony 7.2: New Command Options

In Symfony 7.2, we've improved many existing commands with new options and features.

Resolve Env Vars when Linting the Container

14 Nov 2024, 11:20:23 | Symfony

Symfony 7.1.8 released

Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:

security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-g
13 Nov 2024, 16:50:05 | Symfony

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony

13 Nov 2024, 16:50:04 | Symfony

Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumera

13 Nov 2024, 16:50:03 | Symfony

Symfony 7.2.0-RC1 released

Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:

feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)

feature #57630 [TypeInfo]

13 Nov 2024, 16:50:02 | Symfony