CVE-2024-51755
CVSS 3.1 Score 2.2 of 10 (low)
Details
Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 668
Summary
CVE-2024-51755: A new vulnerability affects Twig, a popular PHP template language. In a sandbox environment, attackers can bypass security checks and access attributes of Array-like objects. This issue is due to the update of the security policy to check properties via the `__isset()` method after the security check, resulting in a backward compatibility break. Twig users are advised to upgrade to versions 3.11.2 or 3.14.1 to address this vulnerability. There is currently no known workaround for this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Twig