SecBoard
Zurück zur CVE-Übersicht

CVE-2026-46637

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly escaped. This issue is fixed in version 3.26.0.

GitHub Advisories

GHSA-jv8m-2544-3pg3LOW

Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

composer/twig/markdown-extra3.26.0
GitHub Advisory

Referenzen