CVE-2015-7809: Twig remote code execution in templates
The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
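As an added example (not part of the advisory or of the Twig project), the check a dependency scanner performs for this CVE: read a project's composer.lock, find twig/twig and report whether the installed version is below the fixed release 1.20.0. The composer.lock content below is a constructed sample; pre-release tags of 1.20.0 and dev branches are handled as edge cases.

```python
import json
import re

# Fixed version per the advisory: Twig 1.20.0 closes CVE-2015-7809.
# The fourth tuple element marks a final release (1) vs. a pre-release (0),
# so that "1.20.0-beta1" sorts below "1.20.0".
FIXED_VERSION = (1, 20, 0, 1)
PACKAGE = "twig/twig"

# Constructed sample composer.lock (not taken from any real project);
# "packages" / "packages-dev" mirror the real file's layout.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "twig/twig", "version": "v1.18.2"},
        {"name": "symfony/yaml", "version": "v2.7.5"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "4.8.10"},
    ],
})


def parse_version(version):
    """Turn 'v1.18.2', '1.20' or '1.20.0-beta1' into a comparable tuple.
    Returns None for branch aliases such as 'dev-master' or '1.x-dev',
    whose patch level cannot be judged from the lock file alone."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return None
    major, minor, patch = m.groups()
    suffix = version[m.end():]
    prerelease = re.match(r"-(alpha|beta|rc)", suffix, re.IGNORECASE)
    return (int(major), int(minor), int(patch or 0), 0 if prerelease else 1)


def find_affected_twig(lock_json):
    """Return (version, status) for twig/twig in a composer.lock string,
    or None when the package is not installed. Status is 'affected',
    'fixed' or 'unknown' (unparseable version, e.g. a dev branch)."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") != PACKAGE:
                continue
            version = pkg.get("version", "")
            parsed = parse_version(version)
            if parsed is None:
                return version, "unknown"
            return version, "affected" if parsed < FIXED_VERSION else "fixed"
    return None


if __name__ == "__main__":
    print(find_affected_twig(SAMPLE_LOCK))  # ('v1.18.2', 'affected')
```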
References
- github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2015-7809.yaml
- github.com/advisories/GHSA-xw83-pwrm-9j74
- github.com/twigphp/Twig
- github.com/twigphp/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
- github.com/twigphp/Twig/pull/1759
- nvd.nist.gov/vuln/detail/CVE-2015-7809
- symfony.com/blog/security-release-twig-1-20-0