Update `twig/twig` to non-vulnerable version

Open Rotzbua opened this issue 2 years ago • 2 comments

Baikal version: 0.9.3

Expected behaviour:

No security warning from composer.

Current behaviour:

Found 1 security vulnerability advisory affecting 1 package.

+-------------------+----------------------------------------------------------------------------------+
| Package           | twig/twig                                                                        |
| CVE               | CVE-2022-39261                                                                   |
| Title             | Possibility to load a template outside a configured directory when using the fil |
|                   | esystem loader                                                                   |
| URL               | https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-ou |
|                   | tside-a-configured-directory-when-using-the-filesystem-loader                    |
| Affected versions | >=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3                                   |
| Reported at       | 2022-09-28T10:36:08+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Steps to reproduce:

  1. clone repo
  2. composer install
  3. composer audit

Rotzbua, Feb 20 '23 17:02
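As an added example (not part of the issue and not Baikal's or Composer's own code), the following checks a `composer.lock` against the affected range reported by `composer audit` above, which is useful for confirming whether a given locked `twig/twig` version still falls inside it. The lock fragment, the `example/other` package and all function names are constructed for illustration; only the `>=` and `<` operators that appear in the advisory are handled.

```python
import json
import re

# Affected range for CVE-2022-39261, copied from the composer audit output above.
AFFECTED = ">=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3"

# Constructed composer.lock fragment for illustration (not Baikal's real lock file).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other", "version": "1.2.3"},
        {"name": "twig/twig", "version": "v2.14.11"},
    ],
    "packages-dev": [],
})

OPS = {">=": lambda a, b: a >= b, "<": lambda a, b: a < b}


def parse_version(text):
    """Turn 'v2.14.11' or '3.4.3' into a comparable tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        # 'dev-main' and similar cannot be placed in a range: fail closed.
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def in_range(version, constraint):
    """Composer constraint syntax: '|' separates alternatives, ',' means AND."""
    v = parse_version(version)
    for alternative in constraint.split("|"):
        clauses = [re.fullmatch(r"(>=|<)(.+)", c.strip()) for c in alternative.split(",")]
        if any(c is None for c in clauses):
            raise ValueError(f"unsupported constraint: {alternative!r}")
        if all(OPS[c.group(1)](v, parse_version(c.group(2))) for c in clauses):
            return True
    return False


def affected_versions(lock_text, package, constraint):
    """Return locked versions of `package` that fall inside `constraint`."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    return [e["version"] for e in entries
            if e["name"] == package and in_range(e["version"], constraint)]


if __name__ == "__main__":
    print(affected_versions(SAMPLE_LOCK, "twig/twig", AFFECTED))
```

The upper bound of each alternative (1.44.7, 2.15.3, 3.4.3) is the first version outside the range, so a lock file pinned to one of those or later returns an empty list.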