CVE-2018-13818

Published July 10th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it

twigphp/Twig

Twig, the flexible, fast, and secure template language for PHP

GitHub

8.36K