From f8761777a3fdfacc6ea92b5fec8168d6625f8229 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?=
Date: Tue, 5 Nov 2024 16:35:00 +0100
Subject: [PATCH] Add advisories for Twig Security Release 2024-02
---
twig/twig/CVE-2024-51754.yaml | 17 +++++++++++++++++
twig/twig/CVE-2024-51755.yaml | 17 +++++++++++++++++
2 files changed, 34 insertions(+)
create mode 100644 twig/twig/CVE-2024-51754.yaml
create mode 100644 twig/twig/CVE-2024-51755.yaml
diff --git a/twig/twig/CVE-2024-51754.yaml b/twig/twig/CVE-2024-51754.yaml
new file mode 100644
index 000000000..c75c9aefd
--- /dev/null
+++ b/twig/twig/CVE-2024-51754.yaml
@@ -0,0 +1,17 @@
+title: Unguarded calls to __toString() when nesting an object into an array
+link: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
+cve: CVE-2024-51754
+branches:
+ 1.x:
+ time: ~
+ versions: ['>=1.0.0', '<2.0.0']
+ 2.x:
+ time: ~
+ versions: ['>=2.0.0', '<3.0.0']
+ '3.11':
+ time: 2024-11-06 08:00:00
+ versions: ['>=3.0.0', '<3.11.2']
+ 3.x:
+ time: 2024-11-06 08:00:00
+ versions: ['>=3.12.0', '<3.14.1']
+reference: composer://twig/twig
diff --git a/twig/twig/CVE-2024-51755.yaml b/twig/twig/CVE-2024-51755.yaml
new file mode 100644
index 000000000..adc67862d
--- /dev/null
+++ b/twig/twig/CVE-2024-51755.yaml
@@ -0,0 +1,17 @@
+title: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
+link: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
+cve: CVE-2024-51755
+branches:
+ 1.x:
+ time: ~
+ versions: ['>=1.0.0', '<2.0.0']
+ 2.x:
+ time: ~
+ versions: ['>=2.0.0', '<3.0.0']
+ '3.11':
+ time: 2024-11-06 08:00:00
+ versions: ['>=3.0.0', '<3.11.2']
+ 3.x:
+ time: 2024-11-06 08:00:00
+ versions: ['>=3.12.0', '<3.14.1']
+reference: composer://twig/twig
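Review bot: The `time: 2024-11-06 08:00:00` values on the '3.11' and 3.x branches are later than the commit's own date (Tue, 5 Nov 2024 16:35:00 +0100), so they look like a planned release time rather than the recorded time of the fix; they should be checked against the actual release of 3.11.2 and 3.14.1 before this is merged, in both CVE-2024-51754.yaml and CVE-2024-51755.yaml. The value also carries no timezone, and a trailing comment such as `# UTC, release time of 3.11.2` would remove the ambiguity (presumably UTC is intended). The 1.x and 2.x entries use `time: ~` with ranges that cover every release of those branches, which tools reading the file will presumably treat as unfixed; if no fix is planned there, a one-line comment saying so, e.g. `# no fix planned for 1.x/2.x; upgrade to a fixed 3.x release`, would help users who receive the alert.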