CVE-2024-51754
LOWDescription
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-51754? +
How severe is CVE-2024-51754? +
How do I check if I'm vulnerable to CVE-2024-51754? +
Related Vulnerabilities
The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission …
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using …
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, …
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via …
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before …
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with …