CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
Configurations

Configuration 1 (hide)

cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:52

Type Values Removed Values Added
Summary ** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it. Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it

Information

Published : 2018-07-10 14:29

Updated : 2024-08-05 10:15


NVD link : CVE-2018-13818

Mitre link : CVE-2018-13818

CVE.ORG link : CVE-2018-13818


JSON object : View

Products Affected

symfony

  • twig
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')