Timber, CVE-2024-45411
- CVE, Research URL
- Home page URL
- Application
- Published on
- Sep 10, 2024
- Research Description
- Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
- Affected versions
-
Min -, max 1.23.3.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Social Streams (CVE-2025-7722) , Jul 23, 2025 |
| Flow-Flow Social Feed Stream (f323f92085eab76ce72ef3e953ee307aa7c527e3) , Jun 07, 2024 |