CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 42.0%

smarty/smarty is vulnerable to arbitrary code injection. The vulnerability exists due to incorrect logic in how block names and include file names are assigned when setting the buffer for a template function, which allows an attacker to inject and execute malicious code.
github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
github.com/smarty-php/smarty/releases/tag/v3.1.45
github.com/smarty-php/smarty/releases/tag/v4.1.1
github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
lists.debian.org/debian-lts-announce/2022/05/msg00044.html
lists.fedoraproject.org/archives/list/[email protected]/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/
lists.fedoraproject.org/archives/list/[email protected]/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/
security.gentoo.org/glsa/202209-09
www.debian.org/security/2022/dsa-5151