Zurück zur CVE-Übersicht
CVE-2026-48805
NONERisk Signal Score10/100 — NIEDRIG
- Weniger als 24 Stunden alt
Beschreibung
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy calls such as twig_array_some(), twig_array_every(), and twig_check_arrow_in_sandbox() to bypass sandbox callable restrictions. This issue is fixed in version 3.27.0.
GitHub Advisories
GHSA-p42q-9prx-q5wqLOW
Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
composer/twig/twig→ 3.27.0
GitHub Advisory