FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pear-twig -- remote code execution

Affected packages
pear-twig-twig < 1.20.0


VuXML ID: 705b759c-7293-11e5-a371-14dae9d210b8
Discovery: 2015-08-12
Entry: 2015-10-14

Fabien Potencier reports:

End users can craft valid Twig code that allows them to execute arbitrary code (RCEs) via the _self variable, which is always available, even in sandboxed templates.


CVE Name: CVE-2015-7809