Skip to main content
CVE-2019-9942 LOW PATCH Monitor

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Twig Debian Linux
NVD GitHub
CVSS 3.1
3.7
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy