CVE-2024-28119

Summary

CVE-2024-28119 is a vulnerability affecting the open-source Grav content management system. Prior to version 1.7.45, Grav allowed unrestricted access to Twig extension classes from the grav context. This issue enabled attackers to redefine the escape function and execute arbitrary commands. Twig processing of static pages could be enabled in the front matter by administrative users, allowing the vulnerability to be exploited. Since Twig processing runs unsandboxed, this behavior could result in arbitrary code execution and privilege escalation. The vulnerability is addressed in version 1.7.45, which contains a patch for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.