VYPR

Twig

by Sensiolabs

Source repositories

CVEs (3)

  • CVE-2026-24425HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the…

  • CVE-2001-1537HigDec 31, 2001
    risk 0.49cvss 7.5epss 0.01

    The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

  • CVE-2015-7809Nov 6, 2015
    risk 0.00cvss epss 0.03

    The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.