Merge pull request #123 from AikidoSec/intel-new-vuln-improper-validation-twig

New Vuln: Improp. Input Validation in twig (php)

Author: sampion88

vulnerabilities/AIKIDO-2025-10061.json

@@ -0,0 +1,26 @@
+{
+  "package_name": "twig/twig",
+  "patch_versions": [
+    "3.19.0"
+  ],
+  "vulnerable_ranges": [
+    [
+      "3.17.0",
+      "3.18.0"
+    ]
+  ],
+  "cwe": [
+    "CWE-20"
+  ],
+  "tldr": "Affected versions of this package are affected by a design flaw that arises from inadequate input validation, specifically relating to the improper handling of escaping and null values when processing dynamic inputs in conjunction with the `??` operator. This vulnerability exposes the system to potential exploitation by malicious actors, who may leverage the weaknesses to execute Cross-Site Scripting (XSS) or Frame Injection (Clickjacking) attacks.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `twig/twig` library to the patch version.",
+  "vulnerable_to": "Improper Input Validation",
+  "related_cve_id": "",
+  "language": "php",
+  "severity_class": "MEDIUM",
+  "aikido_score": 40,
+  "changelog": "https://github.com/twigphp/Twig/blob/3.x/CHANGELOG",
+  "last_modified": "2025-01-30",
+  "published": "2025-01-30"
+}