CVE-2022-23614
PUBLISHED
CVSS 8.8 HIGH
Twig is an open source template language for PHP. When running in sandbox mode, the `arrow` parameter of the `sort` filter must be a closure; otherwise an attacker who controls the template can invoke arbitrary PHP functions. In affected versions this constraint was not properly enforced, which could lead to injection of arbitrary PHP code. Patched versions now disallow passing a non-Closure callable to the `sort` filter, as is already the case for some other filters. Users are advised to upgrade.
EPSS 21.15% · 95.8th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
21.15%
95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Cloud | functions | |
| debian | debian_linux | 11.0 |
| twigphp | Twig | >= 2.0.0, < 2.14.11, >= 3.0.0, < 3.3.8 |
| Azure | functions | |
| twig | twig | 3.0.0, 2.0.0 |
| fedoraproject | fedora | 35, 34 |
| symfony | twig | 2.0.0, 3.0.0 |
Exploit Intelligence
- Proof of concept for CVE-2022-23614 (command injection in Twig) (github-poc-repo)
- Proof of concept for CVE-2022-23614 (command injection in Twig) (github-poc)
…and 14 more exploits
Timeline
- Feb 4, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- Jul 18, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Nov 7, 2023 CVE Updated
- Dec 23, 2023 EPSS Score
- Apr 6, 2024 EPSS Score
References
- https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v url
- https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9 url
- https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 url
- FEDORA-2022-167b9becef vendor-advisory
- FEDORA-2022-47293b1d23 vendor-advisory
- FEDORA-2022-7d871d7583 vendor-advisory
- FEDORA-2022-58abb323f0 vendor-advisory
- DSA-5107 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23614 advisory
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-23614.yaml url
- https://github.com/twigphp/Twig url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD url
- https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter url