GHSA lookup
GHSA-2Q52-X2FF-QGFR
Pruva has a verified reproduction for GHSA-2Q52-X2FF-QGFR: Twig: sandbox bypass via SourcePolicy filter check enables arbitrary PHP callables. The canonical evidence record is REPRO-2026-00151.
REPRO
REPRO-2026-00151
Package
twig/twig · composer
Severity
HIGH
Status
published