A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-23T14:31:53
Updated: 2024-08-04T22:10:08.258Z
Reserved: 2019-03-23T00:00:00
Link: CVE-2019-9942
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-03-23T15:29:00.323
Modified: 2022-04-05T20:10:01.113
Link: CVE-2019-9942
Redhat
No data.