Search CVE reports
1 – 10 of 43898 results
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while...
1 affected package
rclone
| Package | 22.04 LTS |
|---|---|
| rclone | Needs evaluation |
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix...
1 affected package
rclone
| Package | 22.04 LTS |
|---|---|
| rclone | Needs evaluation |
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local...
1 affected package
rclone
| Package | 22.04 LTS |
|---|---|
| rclone | Needs evaluation |
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between...
2 affected packages
php-twig, twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
| twig | Not in release |
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used as a mapping key...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed(), allowing a sandboxed template...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |
Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate() and Profile::getName() into HTML output without escaping, allowing attacker-controlled template or profile...
1 affected package
php-twig
| Package | 22.04 LTS |
|---|---|
| php-twig | Needs evaluation |