Bugs fixes in "smarty3"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 2022-03-28 |
| CVE | CVE-2021-21408 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0. | 2022-03-28 |
| CVE | CVE-2018-16831 | Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 2022-03-28 |
| CVE | CVE-2018-13982 | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitiza | 2022-03-28 |
| CVE | CVE-2021-29454 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0. | 2022-03-28 |
| CVE | CVE-2021-26120 | Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 2022-03-28 |
| CVE | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 2022-03-28 |
| CVE | CVE-2021-21408 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0. | 2022-03-28 |
| CVE | CVE-2018-16831 | Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 2022-03-28 |
| CVE | CVE-2018-13982 | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitiza | 2022-03-28 |
About
-
Send Feedback to @ubuntu_updates
