
Disallow non closures in `sort` filter when the sandbox mode is enabled

High
fabpot published GHSA-5mv2-rx3q-4w2v Feb 4, 2022

Package

composer twig/twig (Composer)

Affected versions

>2.0.0,<2.14.11 || >3.0.0,<3.3.8

Patched versions

2.14.11,3.3.8

Description

When sandbox mode is enabled, the arrow parameter of the `sort` filter must be a closure; otherwise an attacker who controls a template can name an arbitrary PHP function as the comparison callable and have it executed.

Resolution

We now disallow passing a non-Closure callable to the `sort` filter, as was already done for some other filters.
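The following is an added illustration of the rule this advisory describes; it is not Twig's own code, and the names `SandboxArrowCheck` and `sandboxedSort` are hypothetical. It shows a guard that lets a sandboxed template pass a real `Closure` as the arrow argument while rejecting a string (or array) callable that merely names a PHP function, which is what the fix in 2.14.11 / 3.3.8 enforces for `sort`.

```php
<?php
// Added example (not Twig's code): enforce "arrow must be a Closure in sandbox mode".
declare(strict_types=1);

final class SandboxArrowCheck
{
    /**
     * @param mixed  $arrow     value passed as the filter's arrow argument
     * @param bool   $sandboxed whether the environment runs in sandbox mode
     * @param string $filter    filter name, for the error message
     * @throws RuntimeException when a non-Closure callable is used in a sandboxed template
     */
    public static function assertAllowed(mixed $arrow, bool $sandboxed, string $filter = 'sort'): void
    {
        if (null === $arrow) {
            return; // no arrow given: plain sort, nothing to check
        }
        // A string such as 'strcmp' or an array [$obj, 'method'] is callable but is
        // NOT a Closure; in sandbox mode only a Closure written in the template is accepted.
        if ($sandboxed && !$arrow instanceof Closure) {
            throw new RuntimeException(sprintf(
                'The callable passed to the "%s" filter must be a Closure in sandbox mode.',
                $filter
            ));
        }
    }
}

/**
 * Sort with an optional arrow, applying the sandbox rule before any call is made.
 * @param array<int|string, mixed> $array
 * @return array<int|string, mixed>
 */
function sandboxedSort(array $array, mixed $arrow, bool $sandboxed): array
{
    SandboxArrowCheck::assertAllowed($arrow, $sandboxed);
    if (null === $arrow) {
        asort($array);
        return $array;
    }
    uasort($array, $arrow);
    return $array;
}

// Constructed demo input
$data = ['b' => 2, 'a' => 3, 'c' => 1];

// Allowed in sandbox mode: a genuine Closure
print_r(sandboxedSort($data, fn ($x, $y) => $x <=> $y, sandboxed: true));

// Rejected in sandbox mode: a string naming a PHP function (a harmless one here)
try {
    sandboxedSort($data, 'strcmp', sandboxed: true);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Outside the sandbox the same string callable is still accepted
print_r(sandboxedSort($data, 'strcmp', sandboxed: false));
```

The check runs before `uasort` is reached, so the named function is never invoked in the sandboxed case. Requires PHP 8.0 or later for `mixed` and named arguments.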

Credits

We would like to thank Marlon Starkloff for reporting the issue and Fabien Potencier for fixing the issue.

Severity

High

CVE ID

CVE-2022-23614

Weaknesses

No CWEs