ByteOS Network

NVD Vulnerability Details :

CVE-2024-51754

Awaiting Analysis

Source-security-advisories@github.com

Published At-06 Nov, 2024 | 20:15

Updated At-29 May, 2025 | 09:15

Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	2.2	LOW	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 2.2

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-668	Secondary	security-advisories@github.com

CWE ID: CWE-668

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73	security-advisories@github.com	N/A
https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6	security-advisories@github.com	N/A
https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html	af854a3a-2127-422b-91ae-364da2661108	N/A