CVE-2018-13982
HIGH 7.5 | EPSS 2.3% | smarty3 - security update
Published: 5/13/2022 | Modified: 4/28/2026
Description
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Affected packages (3)
- Debian/smarty3: from 0, < 3.1.33+20180830.1.3a78a21f+selfpack1-1
- Debian/smarty3: from 0, < 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2
- Packagist/smarty/smarty: from 0, < 3.1.33
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (13)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-13982
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2018-13982
- PATCH: https://github.com/smarty-php/smarty
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml
- WEB: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
- WEB: https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50
- WEB: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
- WEB: https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531
- WEB: https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1
- WEB: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
- WEB: https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html
- WEB: https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html
- WEB: https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html