CVE-2024-51755
LOWDescription
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-51755? +
How severe is CVE-2024-51755? +
How do I check if I'm vulnerable to CVE-2024-51755? +
Related Vulnerabilities
The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission …
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using …
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, …
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via …
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before …
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with …