Security controls bypass or absence In twig/twig
Description
Twig: Sandbox property and method bypass via object-destructuring assignment
Description
The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to CoreExtension::getAttribute() with the $sandboxed argument hardcoded to false, regardless of whether a SandboxExtension is active. This permanently disables the sandbox's property and method policy checks for every destructuring expression.
ObjectDestructuringSetBinary::compile() emits:
CoreExtension::getAttribute($this->env, $this->source, ..., \Twig\Template::ANY_CALL, false, false, false, ...); // ^^^^^ // sandbox check never runs
Whereas GetAttrExpression::compile() correctly passes $env->hasExtension(SandboxExtension::class).
An attacker with write access to a sandboxed Twig template can read any public property or invoke any public getter on objects passed to the template engine, bypassing SecurityPolicy restrictions. The exploit requires only the {% do %} tag to be in allowedTags, which is a common configuration.
Resolution
The destructuring compiler now forwards the active sandbox flag to getAttribute() so property/method allowlists are enforced.
Credits
Twig would like to thank Anvil Secure in collaboration with Claude and Anthropic Research for reporting and fixing the issue.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 packagist | 3.26.0 |
Aliases
References