CVE-2018-13982
Published: 18 September 2018
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Priority
Status
Package | Release | Status |
---|---|---|
smarty3 Launchpad, Ubuntu, Debian |
bionic |
Released
(3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1)
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
eoan |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
focal |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
groovy |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
hirsute |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
impish |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
jammy |
Not vulnerable
(3.1.33+20180830.1.3a78a21f+selfpack1-1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Released
(3.1.33)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe upstream: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 upstream: https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50 upstream: https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |