Description
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
| Release | Status | Note |
|---|---|---|
| bionic | released | 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 3.1.33+20180830.1.3a78a21f+selfpack1-1 |
| disco | not-affected | 3.1.33+20180830.1.3a78a21f+selfpack1-1 |
| eoan | not-affected | 3.1.33+20180830.1.3a78a21f+selfpack1-1 |
| esm-apps/bionic | released | 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 |
| esm-apps/focal | not-affected | 3.1.33+20180830.1.3a78a21f+selfpack1-1 |
| esm-apps/jammy | not-affected | 3.1.33+20180830.1.3a78a21f+selfpack1-1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...
A vulnerability in the implementation of the isTrustedResourceDir method of the Smarty_Security class in the Smarty template engine for PHP, allowing an attacker to gain unauthorized access to protected information