GSA_kwCzR0hTQS00cm1nLTI5Mm0td2czd84AA8jS

High EPSS: 0.00103% (0.28788 Percentile) EPSS:

Permalink JSON

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

Affected Packages	Affected Versions	Fixed Versions
packagist:smarty/smarty	>= 3.0.0, < 4.5.3, >= 5.0.0, < 5.1.1	4.5.3, 5.1.1
465 Dependent packages 2,359 Dependent repositories 34,452,178 Downloads total Affected Version Ranges All affected versions 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.1.21, 3.1.23, 3.1.24, 3.1.25, 3.1.26, 3.1.27, 3.1.28, 3.1.29, 3.1.30, 3.1.31, 3.1.32, 3.1.33, 3.1.34, 3.1.35, 3.1.36, 3.1.37, 3.1.38, 3.1.39, 3.1.40, 3.1.41, 3.1.42, 3.1.43, 3.1.44, 3.1.45, 3.1.46, 3.1.47, 3.1.48, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.5.2, 5.0.0, 5.0.1, 5.0.2, 5.1.0 All unaffected versions 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.33, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 5.2.0, 5.3.0, 5.3.1, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2

Impact

Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap.

Patches

Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3.

References:

Identifiers

GHSA-4rmg-292m-wg3w

CVE-2024-35226

Risk

Severity

High

EPSS

EPSS Percentage: 0.00103

EPSS Percentile: 0.28788

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/smarty-php/smarty

Date and time

Published

over 1 year ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories