WRITEUP

Exploit for CVE-2024-51755 - Twig <3.11.2, <3.14.1 - Info Disclosure
AI Analysis

This patch addresses a sandbox bypass vulnerability in Twig's attribute access logic, specifically for objects implementing ArrayAccess. The fix ensures sandbox checks are performed before isset() checks and restricts ArrayAccess behavior to prevent unauthorized property access.

Attack Type: auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1552.001 - Credentials In Files
Authors: Nicolas Grekas
Vulnerability: CVE-2024-51755 - Twig <3.11.2, <3.14.1 - Info Disclosure
Severity: LOW (CVSS 2.2)