Bug 2051361 (CVE-2022-23614) - CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox mode is enabled
Summary: CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-23614
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2051363 2051362
Blocks: 2051364
TreeView+ depends on / blocked
 
Reported: 2022-02-07 06:13 UTC by Sandipan Roy
Modified: 2022-03-02 20:24 UTC (History)
3 users (show)

Fixed In Version: twig 2.14.11, twig 3.3.8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-02 20:24:49 UTC


Attachments (Terms of Use)

Description Sandipan Roy 2022-02-07 06:13:01 UTC
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.

https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5
https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9
https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v

Comment 1 Sandipan Roy 2022-02-07 06:14:40 UTC
Created php-twig tracking bugs for this issue:

Affects: epel-all [bug 2051363]
Affects: fedora-all [bug 2051362]

Comment 2 Marco Benatto 2022-03-02 20:24:49 UTC
Closing this bug as NOTABUG as any Red Hat product is affected by this vulnerability.


Note You need to log in before you can comment on or make changes to this bug.