CVE-2024-51755

CVSS 3.1 Score 2.2 of 10 (low)

Details

Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 668

Summary

CVE-2024-51755: A new vulnerability affects Twig, a popular PHP template language. In a sandbox environment, attackers can bypass security checks and access attributes of Array-like objects. This issue is due to the update of the security policy to check properties via the `__isset()` method after the security check, resulting in a backward compatibility break. Twig users are advised to upgrade to versions 3.11.2 or 3.14.1 to address this vulnerability. There is currently no known workaround for this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share