Zenario uses Twig filters insecurely in the Twig Snippet plugin

Moderate severity • GitHub Reviewed • Published May 4, 2024 to the GitHub Advisory Database • Updated May 6, 2024

Package

tribalsystems/zenario (Composer)

Affected versions

< 9.5.60437

Patched versions

9.5.60437

Description

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

References

Published by the National Vulnerability Database May 4, 2024
Published to the GitHub Advisory Database May 4, 2024
Last updated May 6, 2024
Reviewed May 6, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2024-34461

GHSA ID

GHSA-hr2r-w6wc-25pv

Source code
