Description
Smarty is a template engine for PHP that separates presentation (HTML/CSS) from application logic. Before versions 3.1.45 and 4.1.1, a template author could inject PHP code by choosing a malicious {block} name or {include} file name: Smarty compiles templates into PHP source, so a name that reaches the generated code unescaped runs as part of it. The precondition is the ability to write or edit templates, so the issue matters where templates come from parties the site does not fully trust; such sites should upgrade to 3.1.45 or 4.1.1, which contain the fix. No workaround is currently known.
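Two checks a practitioner would run when triaging this advisory against a deployment, as an added example that is neither Smarty's own code nor part of the original page: a version comparison against the fixed releases named above (3.1.45 for the 3.x line, 4.1.1 for the 4.x line), reading the version from the SMARTY_VERSION constant declared in libs/Smarty.class.php, and a scan of template source for {block} names and {include} file names that are decided at runtime or contain characters outside a conservative allowlist. The allowlist, the SAMPLE_* inputs and the helper names are assumptions made for this example; the scan is a triage aid, not a proof of exploitability, and a variable file name is flagged so its source gets reviewed, not because it is wrong in itself.

```python
"""Triage helpers for the Smarty {block}/{include} PHP code-injection issue.

Added example, not Smarty project code.  Assumptions are marked below.
"""
import re
from typing import List, Optional, Tuple

# First fixed release of each affected line, as stated in the advisory.
FIXED_RELEASES = {3: (3, 1, 45), 4: (4, 1, 1)}

# Assumption: the deployed version is read from the SMARTY_VERSION class
# constant in libs/Smarty.class.php, e.g.  const SMARTY_VERSION = '4.1.0';
_CONST_RE = re.compile(r"SMARTY_VERSION\s*=\s*['\"]([^'\"]+)['\"]")
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")

# Only {block} and {include} are named by the advisory.
_TAG_RE = re.compile(r"\{(block|include)\b([^}]*)\}", re.IGNORECASE)
_ATTR_RE = re.compile(r"""\b(name|file)\s*=\s*("[^"]*"|'[^']*'|\S+)""",
                      re.IGNORECASE)
# Assumption: a conservative allowlist for literal names.  Quotes,
# backslashes, '<?' and '$' are deliberately outside it because they are
# the characters that matter once a name is copied into PHP source.
_SAFE_LITERAL = re.compile(r"^[A-Za-z0-9_./-]+$")


def version_from_class_file(source: str) -> Optional[str]:
    """Extract the version string from Smarty.class.php source text."""
    m = _CONST_RE.search(source)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True if `version` predates the fixed release of its major line."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unparseable Smarty version: {version!r}")
    parsed = tuple(int(p) for p in m.groups())
    fixed = FIXED_RELEASES.get(parsed[0])
    if fixed is None:
        raise ValueError(f"major version {parsed[0]} is not covered by this advisory")
    return parsed < fixed


def find_suspicious_tags(template: str) -> List[Tuple[int, str, str, str]]:
    """Return (line, tag, value, reason) for each {block}/{include} whose
    name/file attribute is not a plain literal from the allowlist.

    A '}' inside a quoted name would stop _TAG_RE early; Smarty's own lexer
    is the authority, this is only a triage filter."""
    findings = []
    for m in _TAG_RE.finditer(template):
        tag, attrs = m.group(1).lower(), m.group(2)
        line = template.count("\n", 0, m.start()) + 1
        attr = _ATTR_RE.search(attrs)
        if attr:
            raw = attr.group(2)
        else:
            # Shorthand form such as {include "partial.tpl"}: first token.
            parts = attrs.split()
            raw = parts[0] if parts else ""
        if not raw:
            findings.append((line, tag, raw, "no name/file given"))
            continue
        if len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
            value = raw[1:-1]            # strip the attribute's own quotes
        else:
            value = raw
        if value.startswith("$"):
            findings.append((line, tag, value, "runtime value; review its source"))
        elif not _SAFE_LITERAL.match(value):
            findings.append((line, tag, value, "literal outside allowlist"))
    return findings


# Constructed sample inputs for the example (not real project files).
SAMPLE_CLASS_FILE = """\
class Smarty extends Smarty_Internal_TemplateBase
{
    const SMARTY_VERSION = '4.1.0';
"""
SAMPLE_TEMPLATE = """\
{extends file="layout.tpl"}
{block name="title"}Hello{/block}
{include file="partials/header.tpl"}
{include file=$sidebar}
{block name="foo'.x.'"}x{/block}
"""

if __name__ == "__main__":
    ver = version_from_class_file(SAMPLE_CLASS_FILE)
    if ver is None:
        raise SystemExit("SMARTY_VERSION not found in class file")
    state = "VULNERABLE" if is_vulnerable_version(ver) else "fixed"
    print(f"Smarty {ver}: {state}")
    for line, tag, value, reason in find_suspicious_tags(SAMPLE_TEMPLATE):
        print(f"line {line}: {{{tag}}} {value!r}: {reason}")
```

Run it against a real checkout by reading libs/Smarty.class.php and each .tpl file into the two functions; the version check alone decides whether to upgrade, while the scan tells you which templates and authors to look at first.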
| Release | Status | Note |
|---|---|---|
| esm-apps/xenial | needs-triage | |
| upstream | needs-triage | |
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| impish | ignored | end of life |
| jammy | needs-triage | |
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | see notes |
| esm-apps/bionic | released | 3.0.2-2ubuntu0.1~esm1 |
| esm-apps/focal | released | 3.2.1-3ubuntu0.1~esm1 |
| esm-apps/jammy | released | 3.3.10-2ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | see notes |
| esm-apps/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needed |
| impish | ignored | end of life |
| jammy | needed | |
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | released | 3.1.39-2ubuntu2 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | released | 3.1.39-2ubuntu1.22.04.1 |
| esm-apps/noble | released | 3.1.39-2ubuntu2 |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| impish | ignored | end of life |
| jammy | released | 3.1.39-2ubuntu1.22.04.1 |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 4.5.4-1 |
| esm-apps/noble | not-affected | 4.3.1-1 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | not-affected | 4.3.1-1 |
| oracular | not-affected | 4.3.1-1 |
| plucky | not-affected | 4.5.4-1 |
| questing | not-affected | 4.5.4-1 |
| upstream | released | 4.1.1 |
EPSS
CVSS2: 6.5 Medium
CVSS3: 8.8 High
Related vulnerabilities
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
PHP Code Injection by malicious block or filename in Smarty
Vulnerability in the Smarty template engine for PHP, related to improper control of code generation, allowing an attacker to execute arbitrary PHP code