Vulnerability in Symfony Twig

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.

EPSS: 0.020 (84.2th percentile) — read the EPSS interpretation.

Affected products

Symfony Twig
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM)
DSA-3343 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20151011 Re: CVE Request: twig remote code execution (mailing-list, x_refsource_MLIST)
[oss-security] 20150821 CVE Request: twig remote code execution (mailing-list, x_refsource_MLIST)