GHSA-6j75-5wfj-gh66

GitHub Security Advisory

Twig has a possible sandbox bypass

GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

### Description

Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions.

The security issue happens when all these conditions are met:

* The sandbox is disabled globally;
* The sandbox is enabled only for a single `include()` call (the sandboxed `include()` function), and that call references the included template by name (like `included.twig`) rather than passing a `Template` or `TemplateWrapper` instance;
* The included template has already been loaded before the `include()` call, in a non-sandbox context (possible precisely because the sandbox is globally disabled).
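The three conditions above, written out as a regression check. This is an added example for this page, not code from the advisory or from the Twig project; it assumes `twig/twig` is installed with Composer and uses a constructed policy that deliberately does not allow the `upper` filter. On a fixed Twig release the sandboxed include must throw a `Twig\Sandbox\SecurityError`; per the advisory, an affected release skips the check and renders the included template anyway.

```php
<?php
// Added example for GHSA-6j75-5wfj-gh66; not Twig project code.
// Assumes: `composer require twig/twig`, then `php check_sandbox.php`.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed templates. `included.twig` uses the `upper` filter, which the
// policy below does not allow, so a working sandbox must reject it.
$loader = new ArrayLoader([
    'included.twig' => '{{ name|upper }}',
    // Condition 2: a sandboxed include() that references the template by
    // *name*, not a Template / TemplateWrapper instance.
    'main.twig'     => "{{ include('included.twig', sandboxed = true) }}",
]);

$twig = new Environment($loader, ['cache' => false]);

// Condition 1: the sandbox extension is registered but NOT enabled globally
// (second constructor argument false), so templates run unsandboxed unless
// an include() asks for it.
$policy = new SecurityPolicy(
    [],          // allowed tags
    ['escape'],  // allowed filters: autoescaping adds `escape`; `upper` is absent on purpose
    [],          // allowed methods
    [],          // allowed properties
    []           // allowed functions
);
$twig->addExtension(new SandboxExtension($policy, false));

// Condition 3: the included template is loaded (compiled and instantiated)
// before the include() call, outside any sandbox.
$twig->load('included.twig');

// Now render the template that performs the sandboxed include. A fixed Twig
// re-runs the policy checks at runtime and throws; an affected Twig, as the
// advisory describes, does not run them and the disallowed filter executes.
try {
    $out = $twig->render('main.twig', ['name' => 'alice']);
    echo "FAIL: sandbox check skipped, output: {$out}\n";
    exit(1);
} catch (SecurityError $e) {
    echo "OK: sandbox enforced: {$e->getMessage()}\n";
    exit(0);
}
```

The order matters: if the `$twig->load('included.twig')` line is removed, the first load happens inside the sandboxed include and the check runs even on affected versions, which is why the advisory lists the earlier unsandboxed load as a condition.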

### Resolution

The patch ensures that the sandbox security checks are always run at runtime, when a template is rendered, rather than only once when it is first loaded; a template that was already loaded outside the sandbox can therefore no longer skip them.

### Credits

We would like to thank Fabien Potencier for reporting and fixing the issue.

Affected Packages

Packagist twig/twig
Affected versions: >= 1.0.0, < 1.44.8 (fixed in 1.44.8)
Packagist twig/twig
Affected versions: >= 2.0.0, < 2.16.1 (fixed in 2.16.1)
Packagist twig/twig
Affected versions: >= 3.0.0, < 3.11.1 (fixed in 3.11.1)
Packagist twig/twig
Affected versions: >= 3.12.0, < 3.14.0 (fixed in 3.14.0)
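A check of a project's pinned Twig version against the four affected ranges above. This is an added example for this page, not Composer or Twig project code; it reads `composer.lock` (path given as the first argument, `composer.lock` in the current directory otherwise) and treats each range as inclusive of its lower bound and exclusive of the fixed version. Branch aliases such as `dev-master` or `3.x-dev` cannot be compared numerically, so they are reported for manual review rather than silently passed.

```php
<?php
// Added example for GHSA-6j75-5wfj-gh66; not Composer or Twig project code.
// Usage: php twig_advisory_check.php [path/to/composer.lock]

// Affected ranges from the advisory: [lower bound inclusive, fixed version exclusive].
const AFFECTED_RANGES = [
    ['1.0.0',  '1.44.8'],
    ['2.0.0',  '2.16.1'],
    ['3.0.0',  '3.11.1'],
    ['3.12.0', '3.14.0'],
];

// composer.lock records tags as "v3.10.3" or "3.10.3"; strip the prefix so
// version_compare() sees a plain dotted version.
function normalizeVersion(string $version): string
{
    return ltrim($version, 'vV');
}

// Development branches ("dev-main", "3.x-dev") have no numeric position in the
// ranges; the caller must resolve the actual commit instead.
function isBranchVersion(string $version): bool
{
    return str_starts_with($version, 'dev-') || str_ends_with($version, '-dev');
}

function isAffected(string $version): bool
{
    $v = normalizeVersion($version);
    foreach (AFFECTED_RANGES as [$from, $fixed]) {
        if (version_compare($v, $from, '>=') && version_compare($v, $fixed, '<')) {
            return true;
        }
    }
    return false;
}

// Look in both runtime and dev dependencies; a dev-only Twig still renders
// user-supplied templates in test or tooling code.
function findInstalledTwig(array $lock): ?string
{
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            if (($pkg['name'] ?? '') === 'twig/twig') {
                return (string) $pkg['version'];
            }
        }
    }
    return null;
}

$path = $argv[1] ?? 'composer.lock';
$lock = json_decode(file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);

$version = findInstalledTwig($lock);
if ($version === null) {
    echo "twig/twig is not installed according to {$path}\n";
    exit(0);
}
if (isBranchVersion($version)) {
    echo "REVIEW: twig/twig {$version} is a branch; compare its commit against the fixed tags\n";
    exit(2);
}
if (isAffected($version)) {
    echo "VULNERABLE: twig/twig {$version} is in an affected range (GHSA-6j75-5wfj-gh66)\n";
    exit(1);
}
echo "OK: twig/twig {$version} is not in an affected range\n";
exit(0);
```

The 3.x branch needs both ranges: 3.11.1 fixed the issue, 3.12.0 reintroduced it, and 3.14.0 fixed it again, so a project on 3.12.x or 3.13.x is affected even though it is newer than the first 3.x fix.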

Key Information

GHSA ID
GHSA-6j75-5wfj-gh66
Published
September 9, 2024 8:19 PM
Last Modified
October 10, 2024 2:50 PM
CVSS Score
5.0 / 10
Primary Ecosystem
Packagist
Primary Package
twig/twig
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.