28 Sep 2022
CVE-2022-39261 Vulnerability
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. (CVSS:0.0) (Last Update:2022-09-28)
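The version ranges above can be checked against a project's `composer.lock`. The following is an added example, not code from the advisory or from the Twig project; it assumes Twig is installed through Composer under the package name `twig/twig`, and the function names and the sample lock content are constructed for illustration.

```python
import json
import re

# Fixed releases per major branch, as stated in the advisory text.
FIXED = {1: (1, 44, 7), 2: (2, 15, 3), 3: (3, 4, 3)}


def parse_version(text):
    """Return (major, minor, patch) for 'v3.4.2' or '3.4.2', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version_text):
    """True if below the fixed release of its branch, False if fixed or
    outside the 1.x-3.x branches the advisory names, None if the string is
    not a plain release (dev branches, pre-releases) and needs manual review."""
    v = parse_version(version_text)
    if v is None:
        return None
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed


def audit_lock(lock_text):
    """Return [(section, version, status)] for each twig/twig entry in a composer.lock."""
    lock = json.loads(lock_text)
    labels = {True: "affected", False: "not affected", None: "review manually"}
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != "twig/twig":
                continue
            version = pkg.get("version", "")
            findings.append((section, version, labels[is_affected(version)]))
    return findings


# Constructed sample lock content (not taken from any real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "v1.0.0"},
        {"name": "twig/twig", "version": "v3.4.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{section}: twig/twig {version} -> {status}")
```

A "not affected" result only reflects the installed version; it says nothing about whether the application passes user input as a template name.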
Publish Date: 2022-09-28. Last Update Date: 2022-09-28.
Metasploit modules related to CVE-2022-39261: there are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).