CVE-2022-23614
Code injection in Twig
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision: -
Descriptions
Twig is an open source template language for PHP. When in sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to injection of arbitrary PHP code. Patched versions now disallow calling a non-Closure in the `sort` filter, as is already the case for some other filters. Users are advised to upgrade.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-01-19 CVE Reserved
- 2022-02-04 CVE Published
- 2022-07-18 First Exploit
- 2024-08-03 CVE Updated
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (10)
URL | Tag | Source
---|---|---
https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v | Third Party Advisory |

URL | Date | SRC
---|---|---
https://github.com/davwwwx/CVE-2022-23614 | 2022-07-18 |
https://github.com/4rtamis/CVE-2022-23614 | 2023-07-04 |

URL | Date | SRC
---|---|---
https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9 | 2023-11-07 |
https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Symfony | Twig | >= 2.0.0 < 2.14.11 | - | Affected
Symfony | Twig | >= 3.0.0 < 3.3.8 | - | Affected
Fedoraproject | Fedora | 34 | - | Affected
Fedoraproject | Fedora | 35 | - | Affected
Debian | Debian Linux | 11.0 | - | Affected