
9 matches found

Snyk
added 2025/08/22 9:43 a.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the AESNativeCBC class due to the use of a private instance class, rather than a private static class. An attacker can cause heap exhaustion by triggering excessive memory allocati...

CVSS 7.1 | AI score 6.9 | EPSS 0.00037
Exploits: 0 | References: 2
Redos
added 2025/04/03 12:0 a.m. | 4 views

ROS-20250403-10

A vulnerability in the Rack::Static class of the modular interface between web servers and Rack web applications is related to errors in relative directory path handling. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected informat...

CVSS 7.5 | AI score 7.1 | EPSS 0.01354
Exploits: 0
OSSF Malicious Packages
added 2024/10/16 1:11 p.m. | 3 views

Malicious code in plugin-bugfix-v8-static-class-fields-redefine-readonly (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV
added 2024/10/16 1:11 p.m. | 3 views

MAL-2024-9754 Malicious code in plugin-bugfix-v8-static-class-fields-redefine-readonly (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
OSV
added 2022/03/28 10:9 a.m. | 5 views

USN-5348-1 smarty3 vulnerabilities

David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this to read arbitrary files when controlling the executed template. (CVE-2018-13982) It was discovered that Smarty was incorrectly sanitizing the...

CVSS 9.8 | AI score 7.2 | EPSS 0.7558
Exploits: 4 | References: 7
OSV
added 2022/01/12 10:43 p.m. | 31 views

GHSA-4H9C-V5VG-5M6M Access to restricted PHP code by dynamic static class access in smarty

Impact: Template authors could run restricted static php methods. Patches: Please upgrade to 3.1.40 or higher. References: See the documentation on Smarty security features on the staticclasses access filter. For more information: If you have any questions or comments about this advisory please open ...

CVSS 8.8 | AI score 9.1 | EPSS 0.0047
Exploits: 0 | References: 12
Veracode
added 2022/01/11 3:52 p.m. | 32 views

Improper Input Validation

smarty/smarty is vulnerable to improper input validation. The vulnerability exists in smartyinternaltemplateparser.php because the security settings are not properly defined, which allows an attacker to access the restricted code through dynamic static class...

CVSS 8.8 | AI score 3.4 | EPSS 0.0047
Exploits: 0 | References: 11 | Affected Software: 3
Friends Of PHP
added 2022/01/10 10:48 a.m. | 29 views

Access to restricted PHP code by dynamic static class access

Impact: Template authors could run restricted static php methods. Patches: Please upgrade to 3.1.40 or higher. References: See the documentation on Smarty security features on the staticclasses access filter. For more information: If you have any questions or comments about this advisory please open ...

CVSS 8.8 | AI score 9.1 | EPSS 0.0047
Exploits: 0 | Affected Software: 1
Cvelist
added 2022/01/10 12:0 a.m. | 25 views

CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 9.3 | EPSS 0.0047
Exploits: 0 | References: 9