CVE-2018-13982

Published: 18 September 2018

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: smarty3 (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1)
cosmic      Ignored (reached end-of-life)
disco       Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
eoan        Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
focal       Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
groovy      Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
hirsute     Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
impish      Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
jammy       Not vulnerable (3.1.33+20180830.1.3a78a21f+selfpack1-1)
precise     Does not exist
trusty      Does not exist (trusty was needs-triage)
upstream    Released (3.1.33)
xenial      Not vulnerable (code not present)