Your submission was sent successfully! Close

CVE-2021-26119

Published: 22 February 2021

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
smarty3
Launchpad, Ubuntu, Debian
bionic
Released (3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(3.1.39-2)
jammy Not vulnerable
(3.1.39-2)
precise Does not exist

trusty Does not exist

upstream
Released (3.1.39)
xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad