Bug 2051361 (CVE-2022-23614) - CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox mode is enabled
Summary: CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox...
Alias: CVE-2022-23614
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2051363 2051362
Blocks: 2051364
TreeView+ depends on / blocked
Reported: 2022-02-07 06:13 UTC by Sandipan Roy
Modified: 2022-03-02 20:24 UTC (History)
3 users (show)

Fixed In Version: twig 2.14.11, twig 3.3.8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-03-02 20:24:49 UTC

Attachments (Terms of Use)

Description Sandipan Roy 2022-02-07 06:13:01 UTC
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.


Comment 1 Sandipan Roy 2022-02-07 06:14:40 UTC
Created php-twig tracking bugs for this issue:

Affects: epel-all [bug 2051363]
Affects: fedora-all [bug 2051362]

Comment 2 Marco Benatto 2022-03-02 20:24:49 UTC
Closing this bug as NOTABUG as any Red Hat product is affected by this vulnerability.

Note You need to log in before you can comment on or make changes to this bug.