CVE-2022-29221
Published: 24 May 2022
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
Notes
| Author | Note |
|---|---|
| ccdm94 | postfixadmin does not contain embedded copies of smarty in trusty and xenial. In bionic, postfixadmin contains an embedded smarty copy at version 3.1.29, while in jammy it contains an embedded copy at version 3.1.33. In lunar and mantic this copy is at version 4.3.0. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postfixadmin Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| impish |
Ignored
(end of life)
|
|
| bionic |
Needed
|
|
| focal |
Needed
|
|
| jammy |
Needed
|
|
| lunar |
Not vulnerable
(see notes)
|
|
| mantic |
Not vulnerable
(see notes)
|
|
| upstream |
Needed
|
|
|
smarty4 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| lunar |
Needs triage
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
collabtive Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
|
galette Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
|
gosa Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| upstream |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
|
smarty3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| kinetic |
Released
(3.1.39-2ubuntu1.22.10.1)
|
|
| lunar |
Released
(3.1.39-2ubuntu2)
|
|
| upstream |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(3.1.39-2ubuntu1.22.04.1)
|
|
| mantic |
Released
(3.1.39-2ubuntu2)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221
- https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
- https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
- https://github.com/smarty-php/smarty/releases/tag/v3.1.45
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
- https://github.com/smarty-php/smarty/releases/tag/v4.1.1
- https://ubuntu.com/security/notices/USN-6012-1
- NVD
- Launchpad
- Debian