CVE-2019-9942

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:52

Type Values Removed Values Added
References () https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077 - Patch, Third Party Advisory () https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077 - Patch, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Mar/60 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Mar/60 - Mailing List, Third Party Advisory
References () https://symfony.com/blog/twig-sandbox-information-disclosure - Patch, Vendor Advisory () https://symfony.com/blog/twig-sandbox-information-disclosure - Patch, Vendor Advisory
References () https://www.debian.org/security/2019/dsa-4419 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4419 - Third Party Advisory

05 Apr 2022, 20:10

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2019/dsa-4419 - (DEBIAN) https://www.debian.org/security/2019/dsa-4419 - Third Party Advisory
References (MISC) https://symfony.com/blog/twig-sandbox-information-disclosure - Vendor Advisory (MISC) https://symfony.com/blog/twig-sandbox-information-disclosure - Patch, Vendor Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Mar/60 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Mar/60 - Mailing List, Third Party Advisory
CWE CWE-200 NVD-CWE-noinfo
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2019-03-23 15:29

Updated : 2024-11-21 04:52


NVD link : CVE-2019-9942

Mitre link : CVE-2019-9942

CVE.ORG link : CVE-2019-9942


JSON object : View

Products Affected

debian

  • debian_linux

symfony

  • twig