Описание
Path manipulation in matyhtf/framework
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-43676
- https://github.com/matyhtf/framework/issues/206
- https://github.com/matyhtf/framework/commit/25084603b7ea771eebe263d39744fe6abf1f8d61
- https://github.com/FriendsOfPHP/security-advisories/blob/master/matyhtf/framework/CVE-2021-43676.yaml
- https://github.com/advisories/GHSA-mh9j-v6mq-pfch
Пакеты
Наименование
matyhtf/framework
composer
Затронутые версииВерсия исправления
< 3.0.6
3.0.6
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.