CVE-2018-13982
published 2018-09-18CVE-2018-13982: Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
3.46%
87.6th percentile
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | smarty3 | < smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bookworm) | smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bookworm) |
| smarty | smarty | < 3.1.33 | 3.1.33 |
| smarty | smarty | >= 0 < 3.1.33 | 3.1.33 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Smarty vulnerabilities
vendor_ubuntu·2022-06-21·CVSS 7.5
CVE-2021-26120 [HIGH] Smarty vulnerabilities
Title: Smarty vulnerabilities
Summary: Several security issues were fixed in Smarty.
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides
the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and
CVE-2021-29454 for Ubuntu 20.04 ESM.
Original advisory details:
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating
Ubuntu
Smarty vulnerabilities
vendor_ubuntu·2022-03-28·CVSS 7.5
CVE-2021-21408 [HIGH] Smarty vulnerabilities
Title: Smarty vulnerabilities
Summary: Several security issues were fixed in Smarty.
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classes even when not permitted by
the security settings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-21408)
It
Ubuntu
Smarty vulnerabilities
vendor_ubuntu·2022-03-28·CVSS 7.5
CVE-2021-26120 [HIGH] Smarty vulnerabilities
Title: Smarty vulnerabilities
Summary: Several security issues were fixed in Smarty.
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides
the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and
CVE-2021-29454 for Ubuntu 16.04 ESM.
Original advisory details:
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating
Debian
CVE-2018-13982: smarty3 - Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a pa...
vendor_debian·2018·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982: smarty3 - Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a pa...
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Scope: local
bookworm: resolved (fixed in 3.1.33+20180830.1.3a78a21f+selfpack1-1)
bullseye: resolved (fixed in 3.1.33+20180830.1.3a78a21f+selfpack1-1)
forky: resolved (fixed in 3.1.33+20180830.1.3a78a21f+selfpack1-1)
sid: resolved (fixed in 3.1.33+20180830.1.3a78a21f+selfpack1-1)
trixie: resolved (fixed in 3.1.33+20180830.1.3a78a21f+selfpack1-1)
OSV
smarty3 vulnerabilities
osv·2022-06-21·CVSS 7.5
CVE-2021-21408 [HIGH] smarty3 vulnerabilities
smarty3 vulnerabilities
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides
the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and
CVE-2021-29454 for Ubuntu 20.04 ESM.
Original advisory details:
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classe
OSV
Smarty Path Traversal Vulnerability
osv·2022-05-13
CVE-2018-13982 [HIGH] Smarty Path Traversal Vulnerability
Smarty Path Traversal Vulnerability
`Smarty_Security::isTrustedResourceDir()` in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
GHSA
Smarty Path Traversal Vulnerability
ghsa·2022-05-13
CVE-2018-13982 [HIGH] CWE-22 Smarty Path Traversal Vulnerability
Smarty Path Traversal Vulnerability
`Smarty_Security::isTrustedResourceDir()` in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
OSV
smarty3 vulnerabilities
osv·2022-03-28·CVSS 7.5
CVE-2018-13982 [HIGH] smarty3 vulnerabilities
smarty3 vulnerabilities
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classes even when not permitted by
the security settings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-21408)
It was discovered that Smarty was incorrectly managing access con
OSV
smarty3 vulnerabilities
osv·2022-03-28·CVSS 7.5
CVE-2021-21408 [HIGH] smarty3 vulnerabilities
smarty3 vulnerabilities
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides
the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and
CVE-2021-29454 for Ubuntu 16.04 ESM.
Original advisory details:
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classe
OSV
CVE-2018-13982: Smarty_Security::isTrustedResourceDir() in Smarty before 3
osv·2018-09-18·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982: Smarty_Security::isTrustedResourceDir() in Smarty before 3
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
bugzilla·2018-09-19·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
Bugzilla
CVE-2018-13982 php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir()
bugzilla·2018-09-19·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982 php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir()
CVE-2018-13982 php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir()
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
References:
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
Discussion:
Created php-Smarty tracking bugs for this issue:
Affects: epel-all [bug 1631098]
Affects: fedora-all [bug 1631096]
Created php-Smarty2 tracking bugs for this issue:
Affects: fedora-all [bug 1631097]
---
All dependent bugs have been closed. Can this tracking bug be close
Bugzilla
CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
bugzilla·2018-09-19·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Bugzilla
CVE-2018-13982 php-Smarty2: php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
bugzilla·2018-09-19·CVSS 7.5
CVE-2018-13982 [HIGH] CVE-2018-13982 php-Smarty2: php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
CVE-2018-13982 php-Smarty2: php-smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE:
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversalhttps://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfehttps://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8https://lists.debian.org/debian-lts-announce/2021/04/msg00004.htmlhttps://lists.debian.org/debian-lts-announce/2021/04/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2021/10/msg00015.htmlhttps://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversalhttps://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfehttps://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8https://lists.debian.org/debian-lts-announce/2021/04/msg00004.htmlhttps://lists.debian.org/debian-lts-announce/2021/04/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2021/10/msg00015.html
2018-09-18
Published