Ubuntu update for php-twig



Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-9942
CVE-2022-23614
CVE-2022-39261
CWE-ID CWE-200
CWE-254
CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

php-twig (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU73271

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-9942

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to sandbox information disclosure via the __toString() method call on an object that even can be disabled by the security policy in place. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package php-twig to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 22.04

php-twig (Ubuntu package): before Ubuntu Pro

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5947-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security features bypass

EUVDB-ID: #VU61609

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2022-23614

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing security restrictions for non closures in "sort" filter when using a sandbox mode. A remote attacker can pass specially crafted data to the application and execute arbitrary PHP code on the system.

Mitigation

Update the affected package php-twig to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 22.04

php-twig (Ubuntu package): before Ubuntu Pro

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5947-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Path traversal

EUVDB-ID: #VU67723

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-39261

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences when loading templates. A remote attacker can use the "source" or "include" statement to read arbitrary files on the system.

Mitigation

Update the affected package php-twig to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 22.04

php-twig (Ubuntu package): before Ubuntu Pro

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5947-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###