
A specially constructed input could bypass the sandbox

Moderate
dg published GHSA-36m2-8rhx-f36j Jan 4, 2022

Package

latte/latte (Composer)

Affected versions

>= 2.8.0, < 2.8.8; >= 2.9.0, < 2.9.6; >= 2.10.0, < 2.10.8

Patched versions

2.10.8, 2.9.6, 2.8.8

Description

Impact

The problem affects users who use the sandbox in Latte with templates from untrusted sources.

Patches

The sandbox first appeared in Latte 2.8.0. The issue is fixed in versions 2.8.8, 2.9.6 and 2.10.8.
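
The following is an added example, not part of the advisory or of the Latte project: a Python check that reads a `composer.lock` and reports whether the locked `latte/latte` version falls inside the affected ranges listed above. The function names and the sample lock content are constructed for illustration.

```python
import json
import re

# Affected ranges from this advisory: (first affected, first patched) per branch.
AFFECTED = [((2, 8, 0), (2, 8, 8)), ((2, 9, 0), (2, 9, 6)), ((2, 10, 0), (2, 10, 8))]

def parse_version(text):
    """Turn 'v2.10.3' or '2.9.6' into (2, 10, 3).

    Dev branches and pre-release tags return None so they are reported
    as 'unknown' instead of being silently treated as patched.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(version):
    """True if the (major, minor, patch) tuple lies in any affected range."""
    return any(low <= version < fixed for low, fixed in AFFECTED)

def check_lock(lock_text, package="latte/latte"):
    """Return (locked_version, status) for the package, or None if not locked."""
    lock = json.loads(lock_text)
    entries = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in entries:
        if pkg.get("name") != package:
            continue
        raw = pkg.get("version", "")
        ver = parse_version(raw)
        if ver is None:
            return raw, "unknown"
        return raw, "affected" if is_affected(ver) else "not affected"
    return None

# Constructed sample standing in for a real composer.lock file.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other", "version": "1.0.0"},
        {"name": "latte/latte", "version": "v2.10.5"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

An "affected" result matters only for deployments that use the sandbox with templates from untrusted sources, as the Impact section states.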

References

The issues were discovered by

Severity

Moderate

CVE ID

CVE-2022-21648

Weaknesses