Sandbox Escape by math function in smarty
CVE-2021-29454

8.1HIGH

Key Information:

Vendor: Smarty-PHP
Status: Smarty
Vendor: CVE Published:; 10 January 2022

What is CVE-2021-29454?

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

Affected Version(s)

smarty < 3.1.42 < 3.1.42

smarty >= 4.0.0, < 4.0.2 < 4.0.0, 4.0.2

References

https://github.com/smarty-php/smarty/security/advisories/...

https://github.com/smarty-php/smarty/commit/215d81a9fa3cd...

https://github.com/smarty-php/smarty/releases/tag/v3.1.42

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Mar 30, 2021

Smarty-PHP

What is CVE-2021-29454?

Affected Version(s)

References

CVSS V3.1

Timeline