SecBoard
Zurück zur CVE-Übersicht

CVE-2026-48805

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy calls such as twig_array_some(), twig_array_every(), and twig_check_arrow_in_sandbox() to bypass sandbox callable restrictions. This issue is fixed in version 3.27.0.

GitHub Advisories

GHSA-p42q-9prx-q5wqLOW

Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

composer/twig/twig3.27.0
GitHub Advisory

Referenzen