CVE-2019-9942

Published March 23rd, 2019

View on NVD ↗

CVSS v3

3.7

LOW

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.

twigphp/Twig

Twig, the flexible, fast, and secure template language for PHP

GitHub

8.36K