CVE-2024-51754

CVSS 3.1 Score 2.2 of 10 (low)

Details

Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 668

Summary

CVE-2024-51754 is a vulnerability affecting Twig, a popular template engine for PHP. In a sandbox environment, an attacker can bypass the security policy and call the `__toString()` method on an object, even if it's not allowed. This issue can occur when the object is part of an array or an argument list. The vulnerability has been addressed in Twig versions 3.11.2 and 3.14.1. Users are strongly urged to upgrade as there are currently no known workarounds to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share