Zurück zur CVE-Übersicht
CVE-2026-46637
NONERisk Signal Score10/100 — NIEDRIG
- Weniger als 24 Stunden alt
Beschreibung
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly escaped. This issue is fixed in version 3.26.0.
GitHub Advisories
GHSA-jv8m-2544-3pg3LOW
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
composer/twig/markdown-extra→ 3.26.0
GitHub Advisory