You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
CVE-2022-29221 - High Severity Vulnerability
Smarty - the compiling PHP template engine
Library home page: https://api.github.com/repos/smarty-php/smarty/zipball/99085d8dc65eeb5e55ae3cba74d3dc6b3bb0205e
Dependency Hierarchy:
Found in base branch: main
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
Publish Date: 2022-05-24
URL: CVE-2022-29221
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-634x-pc3q-cf4c
Release Date: 2022-05-24
Fix Resolution: v3.1.45;v4.1.1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: