Описание
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| smarty4 | fixed | 4.1.1-1 | package | |
| smarty3 | fixed | 3.1.45-1 | package |
Примечания
https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664 (v4.0.3)
https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36 (v3.1.43)
Связанные уязвимости
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Access to restricted PHP code by dynamic static class access in smarty