NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2025-24374

Summary	Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
Publication Date	Jan. 30, 2025, 1:15 a.m.
Registration Date	Jan. 30, 2025, 4 a.m.
Last Update	Jan. 30, 2025, 1:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3
2	https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-74	インジェクション	https://cwe.mitre.org/data/definitions/74.html