CVE-2021-21408

Published: Jan 10, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

Affected (7)

Products: Smarty: Smarty · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Smarty Smarty	Before 3.1.43
Smarty Smarty	From 4.0.0 to 4.0.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/smarty-php/smarty/releases/tag/v3.1.43

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/smarty-php/smarty/releases/tag/v4.0.3

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m

Source: security-advisories@github.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/

Source: security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/

Source: security-advisories@github.com

https://security.gentoo.org/glsa/202209-09

Source: security-advisories@github.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5151

Source: security-advisories@github.com

Third Party Advisory

https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/smarty-php/smarty/releases/tag/v3.1.43

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/smarty-php/smarty/releases/tag/v4.0.3

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202209-09

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5151

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.