| Release | Version |
|---|---|
| jessie | 1.16.2-1+deb8u1 |
| stretch | 1.24.0-2+deb9u1 |
| buster | 2.6.2-2 |
| buster (security) | 2.6.2-2+deb10u1 |
| Bug | jessie | stretch | buster | Description |
|---|---|---|---|---|
| CVE-2022-39261 | vulnerable | vulnerable | fixed | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ... |
| CVE-2022-23614 | vulnerable | fixed | fixed | Twig is an open source template language for PHP. When in a sandbox mo ... |
| CVE-2019-9942 | vulnerable (no DSA) | fixed | fixed | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x ... |
| Bug | jessie | stretch | buster | Description |
|---|---|---|---|---|
| CVE-2018-13818 | vulnerable | vulnerable | fixed | Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ... |
| Bug | Description |
|---|---|
| CVE-2015-7809 | The displayBlock function Template.php in Sensio Labs Twig before 1.20 ... |
| DSA / DLA | Description |
|---|---|
| DLA-3147-1 | twig - security update |
| DSA-4419-1 | twig - security update |
| DSA-3343-1 | twig - security update |