Analyzed
about 15 hours
ago.
based on code collected
about 18 hours
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2022-39261 | BDSA-2022-3401 | High | Sep 28, 2022 | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem l more... |
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2019-9942 | Low | Mar 23, 2019 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toSt more... |
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
|
| CVE-2018-13818 | BDSA-2018-5241 | Critical | Jul 10, 2018 | Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not more... |
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
| CVE-2015-7809 | Nov 06, 2015 | The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary co more... |
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
||
| CVE-2001-1537 | High | Dec 31, 2001 | The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could more... |
v1.16.2, v1.16.1, v1.16.0, v1.15.1, v1.15.0, v1.14.2, v1.14.1, v1.14.0, v1.13.2, v1.13.1
|
|
| BDSA-2022-0406 | High | Feb 11, 2022 | Twig contains a remote code execution vulnerability. When in `sandbox` mode, an attacker could exploit this issue by altering the `arrow` parameter of more... |
