CVE-2024-45411

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-693
View all →

Vulnerability Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

Related Vulnerabilities

CVE-2018-0383

HIGH
CVSS:8.6(High)

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to ...

CWE-6932018

CVE-2019-1669

HIGH
CVSS:8.6(High)

A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or...

CWE-6932019

CVE-2023-42918

HIGH
CVSS:8.6(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.

CWE-6932023

CVE-2024-0014

HIGH
CVSS:8.4(High)

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution ...

CWE-6932024

CVE-2024-43584

HIGH
CVSS:8.4(High)

Windows Scripting Engine Security Feature Bypass Vulnerability

CWE-6932024

CVE-2025-27700

HIGH
CVSS:8.4(High)

There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

CWE-6932025