| Vulnerability Name: | CVE-2018-13982 (CCN-149954) |
| Assigned: | 2018-09-17 |
| Published: | 2018-09-17 |
| Updated: | 2021-11-02 |
| Summary: | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. |
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Base Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) |
| | 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| | 7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) |
| Vulnerability Type: | CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal") |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE, Type: CNA: CVE-2018-13982 |
| | Source: XF, Type: UNKNOWN: smarty-cve201813982-dir-traversal(149954) |
| | Source: MISC, Type: Exploit, Patch, Third Party Advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal |
| | Source: CONFIRM, Type: Patch, Vendor Advisory: https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50 |
| | Source: CONFIRM, Type: Patch, Vendor Advisory: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe |
| | Source: CONFIRM, Type: Patch, Vendor Advisory: https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531 |
| | Source: CONFIRM, Type: Patch, Vendor Advisory: https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1 |
| | Source: CONFIRM, Type: Patch, Vendor Advisory: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 |
| | Source: MLIST, Type: Mailing List, Third Party Advisory: [debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update |
| | Source: MLIST, Type: Mailing List, Third Party Advisory: [debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update |
| | Source: MLIST, Type: Mailing List, Third Party Advisory: [debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update |
| | Source: CCN, Type: oss-sec Mailing List, Mon, 17 Sep 2018 19:15:52 +0200: [SBA-ADV-20180420-01] CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal |
| | Source: CCN, Type: Smarty Web site: Smarty |
| | Source: CCN, Type: WhiteSource Vulnerability Database: CVE-2018-13982 |
| Vulnerable Configuration: | Configuration 1 |
| | Configuration 2 |
| | Configuration CCN 1 |
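The summary above describes the classic CWE-22 failure behind this entry: a "trusted directory" restriction that is enforced against a path string the attacker controls, so `..` segments (or a sibling directory that merely shares the prefix, or a symlink) can point outside the allowed tree. The following is an added illustration, written for this page and not code from Smarty or from the SBA advisory. It places the weak prefix check beside a hardened check that canonicalises both sides with `realpath()` and then requires the file to lie at or below the trusted directory. All directory and file names are constructed in a temporary sandbox solely for the demonstration.

```python
import os
import shutil
import tempfile


def weak_is_trusted(path, trusted_dirs):
    """Prefix check on the raw string: the pattern behind many CWE-22 bugs.

    It never resolves '..' or symlinks, and because no separator is appended
    it also accepts a sibling directory that merely shares the prefix.
    """
    return any(path.startswith(d) for d in trusted_dirs)


def strict_is_trusted(path, trusted_dirs):
    """Canonicalise both the candidate and each trusted dir, then require
    the candidate to be the directory itself or something below it.

    os.path.realpath() resolves '..' and symlinks; the non-existent tail of
    a path is normalised lexically, so a not-yet-created template still
    resolves to a sensible location.  commonpath() compares whole path
    components, so 'templates_private' is not inside 'templates'.
    """
    real = os.path.realpath(path)
    for d in trusted_dirs:
        real_dir = os.path.realpath(d)
        try:
            if os.path.commonpath([real, real_dir]) == real_dir:
                return True
        except ValueError:
            # Different drives on Windows: the file cannot be inside.
            pass
    return False


def run_demo():
    """Build a constructed sandbox and evaluate four candidate paths.

    Layout (all names are hypothetical, created only for this example):
      <root>/templates/            trusted directory
      <root>/templates_private/    sibling sharing the name prefix
      <root>/secret.txt            file that must stay unreadable
      <root>/templates/link.tpl    symlink pointing at secret.txt

    Returns {case: (weak_verdict, strict_verdict)}.
    """
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    try:
        trusted = os.path.join(root, "templates")
        os.mkdir(trusted)
        os.mkdir(trusted + "_private")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed secret\n")
        os.symlink(secret, os.path.join(trusted, "link.tpl"))

        cases = {
            "legit": os.path.join(trusted, "index.tpl"),
            "dotdot": os.path.join(trusted, "..", "secret.txt"),
            "sibling": os.path.join(trusted + "_private", "x.tpl"),
            "symlink": os.path.join(trusted, "link.tpl"),
        }
        return {
            name: (weak_is_trusted(p, [trusted]), strict_is_trusted(p, [trusted]))
            for name, p in cases.items()
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, (weak, strict) in run_demo().items():
        print(f"{name:8s} weak={weak!s:5s} strict={strict}")
```

Only the `legit` case passes the strict check; `dotdot`, `sibling` and `symlink` all pass the weak prefix check and are all rejected once the paths are canonicalised. Resolving symlinks is a design choice that goes further than a purely lexical normalisation of `..`: it closes the case where an attacker who can create a link inside the trusted tree points it outside, at the cost of forbidding deliberate symlinked template directories. If the latter are needed, canonicalise the trusted directory list once at configuration time and compare against those resolved roots.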