all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

USN-5947-1: Twig vulnerabilities

Add to bookmarks
March 13, 2023, 10:55 a.m. |

Ubuntu security notices ubuntu.com

Fabien Potencier discovered that Twig was not properly enforcing sandbox
policies when dealing with objects automatically cast to strings by PHP.
An attacker could possibly use this issue to expose sensitive information.
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-9942)

Marlon Starkloff discovered that Twig was not properly enforcing closure
constraints in some of its array filtering functions. An attacker could
possibly use this issue to execute arbitrary code. This issue was only
fixed …

array code constraints cve functions information issue php policies sandbox sensitive information strings ubuntu usn vulnerabilities

Visit resource

More from ubuntu.com / Ubuntu security notices

USN-6729-2: Apache HTTP Server vulnerabilities 16 hours ago | ubuntu.com
advisory apache attacker attacks +14
USN-6726-3: Linux kernel (Xilinx ZynqMP) vulnerabilities 19 hours ago | ubuntu.com
attacker backend crash cve +18
USN-6726-2: Linux kernel (IoT) vulnerabilities 1 day, 10 hours ago | ubuntu.com
attacker backend crash cve +19
USN-6725-2: Linux kernel (AWS) vulnerabilities 1 day, 11 hours ago | ubuntu.com
attacker aws crash cve +20
USN-6724-2: Linux kernel vulnerabilities 1 day, 12 hours ago | ubuntu.com
attacker backend crash cve +19
USN-6736-1: klibc vulnerabilities 1 day, 20 hours ago | ubuntu.com
arbitrary code attacker code crash +8
USN-6735-1: Node.js vulnerabilities 1 day, 20 hours ago | ubuntu.com
attacker automated certificate cve +16
USN-6734-1: libvirt vulnerabilities 2 days, 15 hours ago | ubuntu.com
api attacker crash cve +8
USN-6733-1: GnuTLS vulnerabilities 2 days, 15 hours ago | ubuntu.com
attacker channel crash cve +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Ford Pro Tech and FCSD Tech – Product Manager, Cyber Security

@ Ford Motor Company | Chennai, Tamil Nadu, India
View on infosec-jobs.com

Cloud Data Encryption and Cryptography Automation Expert

@ Ford Motor Company | Chennai, Tamil Nadu, India
View on infosec-jobs.com

SecOps Analyst

@ Atheneum | Berlin, Berlin, Germany
View on infosec-jobs.com

Consulting Director, Cloud Security, Proactive Services (Unit 42)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com
View more jobs