Twig, Sandbox Bypass Vulnerability, CVE-2024-45411 (Critical)

Listen to this Post

The vulnerability stems from an incomplete fix for a previous sandbox bypass issue (CVE-2024-45411/GHSA-6j75-5wfj-gh66). The original fix added an explicit `$loaded->unwrap()->checkSecurity()` call in `CoreExtension::include()` to re-check a template’s security when it is included in a sandboxed context (sandboxed = true). However, the deprecated but still functional `{% sandbox %}{% include … %}{% endsandbox %}` tag path was not updated. Its compiled output—enableSandbox(); yield from $this->load(...)->unwrap()->yield(...); disableSandbox();—does not re-invoke checkSecurity(). If the included template was previously loaded outside the sandbox (i.e., in a non‑sandbox context, which is possible because the sandbox may be globally disabled), its constructor and the compiled `checkSecurity()` call have already run with isSandboxed() = false. Consequently, the allowlist enforced by `SecurityPolicy::checkSecurity()` is never applied. An attacker who can author an included template can therefore bypass the sandbox and gain access to every filter, function, and tag registered in the environment, regardless of the sandbox policy.

DailyCVE form:

Platform: Twig
Version: ≤1.44.7 ≤2.16.0 ≤3.13.0
Vulnerability: Sandbox Bypass
Severity: Critical
date: 2024-09-09

Prediction: Patch date 2024-09-09

What Undercode Say:

Check your Twig version with:

composer show twig/twig | grep versions

Update to a patched version:

composer update twig/twig

Vulnerable Twig template pattern:

{% sandbox %}{% include 'malicious.twig' %}{% endsandbox %}

PHP code that reproduces the issue:

$twig = new Twig\Environment($loader);
$twig->addExtension(new Twig\Extension\SandboxExtension($policy, false));
$template = $twig->load('included.twig'); // Loaded outside sandbox
echo $twig->render('{% sandbox %}{% include "included.twig" %}{% endsandbox %}');

Exploit:

An attacker who can supply a template (e.g., via a file upload or a user‑controlled content field) includes it inside a `{% sandbox %}` block. Because the template was previously loaded in a non‑sandboxed context (or the sandbox is globally disabled), the security checks are not re‑applied. The attacker can then invoke arbitrary Twig tags, filters, and functions—such as system(), include(), or any other sensitive functionality exposed to the environment—effectively escaping the sandbox.

Protection from this CVE:

  • Upgrade Twig to version 1.44.8, 2.16.1, 3.14.0, or later.
  • If immediate patching is not possible, avoid using the deprecated `{% sandbox %}…{% endsandbox %}` tag and always use `include()` with the `sandboxed` parameter explicitly set to true.
  • Review all templates that are loaded and cached before being included in a sandboxed context; ensure they are never loaded outside the sandbox when untrusted content is involved.
  • Consider disabling the sandbox globally and only enabling it on a per‑include basis, which limits the attack surface.

Impact:

Successful exploitation allows an attacker to bypass the Twig sandbox completely and execute arbitrary code on the server (e.g., run system commands, read/write files, or perform network requests), leading to full server compromise. The vulnerability is particularly critical in multi‑tenant applications where different users can contribute templates or in CMS platforms that allow user‑submitted Twig code.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top