Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 24.10, 24.04 LTS Security Advisory for Twig Information Exposure

ubuntu
Calendar Grey June 2, 2025
Dist Ubuntu Esm H88
The Twig framework may leak confidential data via specially designed files; it's advisable to upgrade both Ubuntu 24.10 and 24.04 LTS editions.
Twig could be made to expose sensitive information if it opened a specially crafted file.

Summary

Twig could be made to expose sensitive information if it opened

a specially crafted file.

Software Description:

- php-twig: Flexible, fast, and secure template engine for PHP

Details:

It was discovered that Twig did not correctly handle securing

user input. An attacker could possibly use this issue to cause

Twig to expose sensitive information if it opened a specially

crafted file. (CVE-2024-45411)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   php-twig                        3.8.0-3ubuntu1

Ubuntu 24.04 LTS
   php-twig                        3.8.0-2ubuntu1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7549-1

  CVE-2024-45411

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7549-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here