mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
64 lines
2.0 KiB
JSON
64 lines
2.0 KiB
JSON
{
|
|
"id": "CVE-2025-24374",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2025-01-29T16:15:44.090",
|
|
"lastModified": "2025-01-29T16:15:44.090",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Twig es un lenguaje de plantillas para PHP. Al utilizar el operador ??, no se pod\u00eda escapar la salida de la expresi\u00f3n del lado izquierdo del operador. Esta vulnerabilidad se ha corregido en la versi\u00f3n 3.19.0."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-74"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr",
|
|
"source": "security-advisories@github.com"
|
|
}
|
|
]
|
|
} |