### [CVE-2024-45411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45411)
![](https://img.shields.io/static/v1?label=Product&message=Twig&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%201.0.0%2C%20%3C%201.44.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen)

### Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/KatenKyoukotsu/devsecops