Merge pull request #735 from jderusse/security-advisories-2025-02

Add advisories for Twig Security Release 2024-02
FriendsOfPHP · Nov 6, 2024 · 89473cc · 89473cc
2 parents c0c781f + f876177
commit 89473cc
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/twig/twig/CVE-2024-51754.yaml b/twig/twig/CVE-2024-51754.yaml
@@ -0,0 +1,17 @@
+title:     Unguarded calls to __toString() when nesting an object into an array
+link:      https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
+cve:       CVE-2024-51754
+branches:
+    1.x:
+        time:     ~
+        versions: ['>=1.0.0', '<2.0.0']
+    2.x:
+        time:     ~
+        versions: ['>=2.0.0', '<3.0.0']
+    '3.11':
+        time:     2024-11-06 08:00:00
+        versions: ['>=3.0.0', '<3.11.2']
+    3.x:
+        time:     2024-11-06 08:00:00
+        versions: ['>=3.12.0', '<3.14.1']
+reference: composer://twig/twig
diff --git a/twig/twig/CVE-2024-51755.yaml b/twig/twig/CVE-2024-51755.yaml
@@ -0,0 +1,17 @@
+title:     Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
+link:      https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
+cve:       CVE-2024-51755
+branches:
+    1.x:
+        time:     ~
+        versions: ['>=1.0.0', '<2.0.0']
+    2.x:
+        time:     ~
+        versions: ['>=2.0.0', '<3.0.0']
+    '3.11':
+        time:     2024-11-06 08:00:00
+        versions: ['>=3.0.0', '<3.11.2']
+    3.x:
+        time:     2024-11-06 08:00:00
+        versions: ['>=3.12.0', '<3.14.1']
+reference: composer://twig/twig