CVE-2024-51755

LOW Year: 2024
CVSS v3 Score
2.2
Low
Weakness Type
CWE-668
View all →

Vulnerability Description

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2024-51754

LOW
CVSS:2.2(Low)

Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of a...

CWE-6682024

CVE-2023-32394

LOW
CVSS:2.4(Low)

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view...

CWE-6682023

CVE-2024-42350

LOW
CVSS:3.0(Low)

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without tra...

CWE-6682024

CVE-2019-4633

LOW
CVSS:3.1(Low)

IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.

CWE-6682019

CVE-2017-8418

LOW
CVSS:3.3(Low)

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

CWE-6682017

CVE-2019-8934

LOW
CVSS:3.3(Low)

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

CWE-6682019