vulnerability

Ubuntu: USN-5947-1 (CVE-2022-23614): Twig vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Feb 4, 2022	Mar 22, 2023	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Feb 4, 2022

Added

Mar 22, 2023

Modified

Aug 18, 2025

Description

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.

Solution

ubuntu-pro-upgrade-php-twig

References

CVE-2022-23614
https://attackerkb.com/topics/CVE-2022-23614
CWE-74
CWE-94
DEBIAN-DSA-5107
UBUNTU-USN-5947-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today