cbcvebase.
CVE-2021-29454
published 2022-01-10

CVE-2021-29454: Sandbox Escape by math function in smarty Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.93%
77.4th percentile
Sandbox Escape by math function in smarty Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

Affected

4 ranges
VendorProductVersion rangeFixed in
smarty-phpsmarty< 3.1.423.1.42
smarty-phpsmarty
smartysmarty>= 0 < 3.1.423.1.42
smartysmarty>= 4.0.0 < 4.0.24.0.2

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cvelistv58.1HIGH
osv7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.