Vulnerabilites related to smarty-php - smarty
cve-2021-21408
Vulnerability from cvelistv5
Published
2022-01-10 00:00
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smarty-php | smarty |
Version: < 3.1.43 Version: >= 4.0.0, < 4.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:16.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3"
},
{
"name": "[debian-lts-announce] 20220505 [SECURITY] [DLA 2995-1] smarty3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.43"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m"
},
{
"url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3"
},
{
"name": "[debian-lts-announce] 20220505 [SECURITY] [DLA 2995-1] smarty3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"source": {
"advisory": "GHSA-4h9c-v5vg-5m6m",
"discovery": "UNKNOWN"
},
"title": "Access to restricted PHP code by dynamic static class access in smarty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21408",
"datePublished": "2022-01-10T00:00:00",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:16.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28447
Vulnerability from cvelistv5
Published
2023-03-28 20:07
Modified
2025-02-13 16:48
Severity ?
EPSS score ?
Summary
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smarty-php | smarty |
Version: >= 4.0.0, < 4.3.1 Version: < 3.1.48 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj"
},
{
"name": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.1"
},
{
"status": "affected",
"version": "\u003c 3.1.48"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user\u0027s browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application\u0027s behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-15T03:06:39.782Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj"
},
{
"name": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/"
}
],
"source": {
"advisory": "GHSA-7j98-h7fp-4vwj",
"discovery": "UNKNOWN"
},
"title": "Cross site scripting vulnerability in Javascript escaping in smarty/smarty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28447",
"datePublished": "2023-03-28T20:07:39.103Z",
"dateReserved": "2023-03-15T15:59:10.057Z",
"dateUpdated": "2025-02-13T16:48:42.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35226
Vulnerability from cvelistv5
Published
2024-05-28 20:55
Modified
2024-09-03 18:10
Severity ?
EPSS score ?
Summary
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w | x_refsource_CONFIRM | |
| https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smarty-php | smarty |
Version: >= 5.0.0, < 5.1.1 Version: >= 3.0.0, < 4.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w"
},
{
"name": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smarty-php:smarty:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.3",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T18:08:18.966927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:10:29.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.1"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 4.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T20:55:00.884Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w"
},
{
"name": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a"
}
],
"source": {
"advisory": "GHSA-4rmg-292m-wg3w",
"discovery": "UNKNOWN"
},
"title": "PHP Code Injection by malicious attribute in extends-tag in Smarty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35226",
"datePublished": "2024-05-28T20:55:00.884Z",
"dateReserved": "2024-05-14T15:39:41.784Z",
"dateUpdated": "2024-09-03T18:10:29.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29454
Vulnerability from cvelistv5
Published
2022-01-10 00:00
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smarty-php | smarty |
Version: < 3.1.42 Version: >= 4.0.0, < 4.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://packagist.org/packages/smarty/smarty"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.smarty.net/docs/en/language.function.math.tpl"
},
{
"name": "[debian-lts-announce] 20220505 [SECURITY] [DLA 2995-1] smarty3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.42"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m"
},
{
"url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2"
},
{
"url": "https://packagist.org/packages/smarty/smarty"
},
{
"url": "https://www.smarty.net/docs/en/language.function.math.tpl"
},
{
"name": "[debian-lts-announce] 20220505 [SECURITY] [DLA 2995-1] smarty3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"source": {
"advisory": "GHSA-29gp-2c3m-3j6m",
"discovery": "UNKNOWN"
},
"title": "Sandbox Escape by math function in smarty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29454",
"datePublished": "2022-01-10T00:00:00",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29221
Vulnerability from cvelistv5
Published
2022-05-24 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smarty-php | smarty |
Version: < 3.1.45 Version: >= 4.0.0, < 4.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3033-1] smarty3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "smarty",
"vendor": "smarty-php",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.45"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c"
},
{
"url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45"
},
{
"url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1"
},
{
"name": "[debian-lts-announce] 20220529 [SECURITY] [DLA 3033-1] smarty3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html"
},
{
"name": "DSA-5151",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"name": "GLSA-202209-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-09"
},
{
"name": "FEDORA-2022-52154efd61",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"
},
{
"name": "FEDORA-2022-d5fc9dcdd7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"
}
],
"source": {
"advisory": "GHSA-634x-pc3q-cf4c",
"discovery": "UNKNOWN"
},
"title": "PHP Code Injection by malicious block or filename in Smarty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29221",
"datePublished": "2022-05-24T00:00:00",
"dateReserved": "2022-04-13T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}