CVE-2020-28925

CVE-2020-28925

EPSS 1.1%

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a https://github.com/bolt/bolt/compare/3.7.1...3.7.2