{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T23:12:11.941","vulnerabilities":[{"cve":{"id":"CVE-2024-51754","sourceIdentifier":"security-advisories@github.com","published":"2024-11-06T20:15:05.817","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."},{"lang":"es","value":"Twig es un lenguaje de plantillas para PHP. En un entorno aislado, un atacante puede llamar a `__toString()` en un objeto incluso si la política de seguridad no permite el método `__toString()` cuando el objeto es parte de una matriz o una lista de argumentos (argumentos para una función o un filtro, por ejemplo). Este problema se ha corregido en las versiones 3.11.2 y 3.14.1. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73","source":"security-advisories@github.com"},{"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6","source":"security-advisories@github.com"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}