← volver
CVE-2025-24374

Twig fixes a security issue where escaping was missing when using null coalesce operator (??)

CVSS 4.3 MEDIUMEPSS 0.3%CWE-74
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Productos afectados
twigphp · Twig

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr