8.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-45411

CVE-2024-45411: Twig has a possible sandbox bypass

Description

Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions.

The security issue happens when all these conditions are met:

The sandbox is disabled globally;
The sandbox is enabled via a sandboxed include() function which references a template name (like included.twig) and not a Template or TemplateWrapper instance;
The included template has been loaded before the include() call but in a non-sandbox context (possible as the sandbox has been globally disabled).

Resolution

The patch ensures that the sandbox security checks are always run at runtime.

Credits

We would like to thank Fabien Potencier for reporting and fixing the issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-45411

CVE-2024-45411:

8.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
twig/twig	composer	>= 1.0.0, < 1.44.8	1.44.8
twig/twig	composer	>= 2.0.0, < 2.16.1	2.16.1
twig/twig	composer	>= 3.12.0, < 3.14.0	3.14.0
twig/twig	composer	>= 3.0.0, < 3.11.1	3.11.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how security checks were handled in the include() function. The original implementation (pre-patch) checked security during template preparation via a loop that only validated Template/TemplateWrapper instances. When including templates by name (not instances) that had been cached without sandbox context, these checks were skipped. The commit diff shows the security check (checkSecurity()) was moved from the preparation phase to the runtime phase after template loading, ensuring enforcement regardless of how the template was referenced. The test cases added in CoreTest.php validate that security errors now occur at runtime when preloading occurs, confirming the function's behavior was the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-45411: Twig has a possible sandbox bypass

Description

Resolution

Credits

CVE-2024-45411:

8.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

8.6

8.6

CVE-2024-45411: Twig has a possible sandbox bypass

Description

Resolution

Credits

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI