CVE-2022-23614
Severity: HIGH 8.8 | EPSS: 21.1% | Code injection in Twig
Published: 2022/2/10 | Modified: 2024/2/16
Description
# Description

When in sandbox mode, the `arrow` parameter of the `sort` filter must be a closure, to avoid attackers being able to run arbitrary PHP functions.

# Resolution

We now disallow calling a non-Closure in the `sort` filter, as we already did for some other filters.

# Credits

We would like to thank Marlon Starkloff for reporting the issue and Fabien Potencier for fixing the issue.
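The following is an added illustration of the check the advisory describes; it is not Twig's own code. It models a sandboxed `sort` filter (the function name `sandboxed_sort` and the `$sandboxed` flag are assumptions) that accepts only a real `\Closure` as the `arrow` callback and rejects string or array callables, which would otherwise name an arbitrary PHP function chosen by the template author.

```php
<?php
// Added example (not Twig's code): a "sort" filter that, in sandbox mode,
// only accepts a \Closure as its comparison callback.
declare(strict_types=1);

final class SandboxViolation extends RuntimeException {}

/**
 * Sort $items, optionally with a comparison callback ($arrow).
 * $sandboxed is an assumed flag standing in for "the environment has the
 * sandbox extension enabled and it is currently active".
 */
function sandboxed_sort(array $items, mixed $arrow = null, bool $sandboxed = true): array
{
    if ($arrow === null) {
        sort($items);
        return $items;
    }
    // The fix: a string like "system" or an [object, method] array is a
    // valid PHP callable, but in a sandbox it would let a template invoke
    // any PHP function. Only an actual Closure object is allowed.
    if ($sandboxed && !($arrow instanceof \Closure)) {
        throw new SandboxViolation(
            'The callable passed to the "sort" filter must be a Closure in sandbox mode.'
        );
    }
    usort($items, $arrow);
    return $items;
}

// Allowed: a genuine Closure (constructed sample input).
$byLength = fn(string $a, string $b): int => strlen($a) <=> strlen($b);
print_r(sandboxed_sort(['ccc', 'a', 'bb'], $byLength)); // a, bb, ccc

// Rejected: a string callable, which is what an untrusted template could pass.
try {
    sandboxed_sort(['b', 'a'], 'strcmp');
} catch (SandboxViolation $e) {
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}

// Outside the sandbox the string callable is still accepted, as before the fix.
print_r(sandboxed_sort(['b', 'a'], 'strcmp', sandboxed: false)); // a, b
```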
Affected packages (3)
- Debian / php-twig: from 0, < 2.14.3-1+deb11u1
- Debian / php-twig: from 0, < 2.14.3-1+deb11u1
- Packagist / twig/twig: >= 2.0.0, < 2.14.11
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (13)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-23614
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2022-23614
- WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-23614.yaml
- WEB https://github.com/twigphp/Twig
- WEB https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9
- WEB https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5
- WEB https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD
- WEB https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter
- WEB https://www.debian.org/security/2022/dsa-5107