CVE-2019-9942

Related Files

Ubuntu Security Notice USN-5947-1

Posted Mar 13, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5947-1 - Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM.

tags | advisory, arbitrary, php

systems | linux, ubuntu

advisories | CVE-2019-9942, CVE-2022-23614, CVE-2022-39261

SHA-256 | 7a722306f91b4b68b54cf4c80bd0a21077ab7a7fe2101b19ae983b91763a9031

Download | Favorite | View

Debian Security Advisory 4419-1

Posted Apr 1, 2019

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.

tags | advisory, php, info disclosure

systems | linux, debian

advisories | CVE-2019-9942

SHA-256 | 65f39fb8b850fd411e14f6fba9aba785289c666dd278cc53224a7db303a3e98c

Download | Favorite | View