Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/200027?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/200027?format=api", "purl": "pkg:composer/smarty/smarty@2.6.27", "type": "composer", "namespace": "smarty", "name": "smarty", "version": "2.6.27", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.3", "latest_non_vulnerable_version": "5.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44786?format=api", "vulnerability_id": "VCID-3829-yarc-yqh3", "summary": "smarty Cross-site Scripting vulnerability in Javascript escaping\nAn attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79184", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79187", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964", "reference_id": "1033964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965", "reference_id": "1033965", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447", "reference_id": "CVE-2023-28447", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml", "reference_id": "CVE-2023-28447.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "GHSA-7j98-h7fp-4vwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "GHSA-7j98-h7fp-4vwj", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-1/", "reference_id": "USN-8242-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-2/", "reference_id": "USN-8242-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-2/" }, { "reference_url": "https://usn.ubuntu.com/8272-1/", "reference_id": "USN-8272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64452?format=api", "purl": "pkg:composer/smarty/smarty@3.1.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/64451?format=api", "purl": "pkg:composer/smarty/smarty@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1" } ], "aliases": [ "CVE-2023-28447", "GHSA-7j98-h7fp-4vwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3829-yarc-yqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101015?format=api", "vulnerability_id": "VCID-3nky-rj9a-dyb7", "summary": "Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68994", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69001", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68992", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4437" }, { "reference_url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt" }, { "reference_url": "https://code.google.com/p/smarty-php/source/detail?r=4658", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/detail?r=4658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4437" }, { "reference_url": "https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/09/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/09/19/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/09/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/09/20/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153", "reference_id": "688153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153" }, { "reference_url": "https://github.com/advisories/GHSA-9gqj-ppv2-f2hq", "reference_id": "GHSA-9gqj-ppv2-f2hq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9gqj-ppv2-f2hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/155476?format=api", "purl": "pkg:composer/smarty/smarty@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-3xs3-13we-6ffu" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-d7cx-7mkv-3qhe" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-qnee-xruu-sfb1" }, { "vulnerability": "VCID-rr48-d56n-hugj" }, { "vulnerability": "VCID-vnb9-5w8q-r3bd" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.12" } ], "aliases": [ "CVE-2012-4437", "GHSA-9gqj-ppv2-f2hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nky-rj9a-dyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101017?format=api", "vulnerability_id": "VCID-4dmb-dnk6-6qdd", "summary": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96324", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96334", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96333", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96329", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757", "reference_id": "1011757", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758", "reference_id": "1011758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "GHSA-634x-pc3q-cf4c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://usn.ubuntu.com/6012-1/", "reference_id": "USN-6012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6012-1/" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151845?format=api", "purl": "pkg:composer/smarty/smarty@3.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/151846?format=api", "purl": "pkg:composer/smarty/smarty@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.1.1" } ], "aliases": [ "CVE-2022-29221", "GHSA-634x-pc3q-cf4c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dmb-dnk6-6qdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42982?format=api", "vulnerability_id": "VCID-5avg-sw37-g3ff", "summary": "Improper Input Validation\nThe $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67061", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67094", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6711", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67102", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb" }, { "reference_url": "https://seclists.org/oss-sec/2011/q1/313", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/oss-sec/2011/q1/313" }, { "reference_url": "https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" }, { "reference_url": "https://www.smarty.net/forums/viewtopic.php?t=18815", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.smarty.net/forums/viewtopic.php?t=18815" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1028", "reference_id": "CVE-2011-1028", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1028" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-1028", "reference_id": "CVE-2011-1028", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1028" }, { "reference_url": "https://github.com/advisories/GHSA-6frx-2r5w-c524", "reference_id": "GHSA-6frx-2r5w-c524", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6frx-2r5w-c524" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61499?format=api", "purl": "pkg:composer/smarty/smarty@3.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/200029?format=api", "purl": "pkg:composer/smarty/smarty@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-3nky-rj9a-dyb7" }, { "vulnerability": "VCID-3xs3-13we-6ffu" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-d7cx-7mkv-3qhe" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-qnee-xruu-sfb1" }, { "vulnerability": "VCID-rr48-d56n-hugj" }, { "vulnerability": "VCID-vnb9-5w8q-r3bd" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11" } ], "aliases": [ "CVE-2011-1028", "GHSA-6frx-2r5w-c524" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5avg-sw37-g3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43224?format=api", "vulnerability_id": "VCID-b4d4-pqtp-wbek", "summary": "Smarty Does Not Consider Umask Values When Setting Permissions\nSmarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28154", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28068", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28106", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28083", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5054", "reference_id": "CVE-2009-5054", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5054" }, { "reference_url": "https://github.com/advisories/GHSA-6m9f-8vwq-97pm", "reference_id": "GHSA-6m9f-8vwq-97pm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6m9f-8vwq-97pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61898?format=api", "purl": "pkg:composer/smarty/smarty@3.0.0-beta4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.0-beta4" }, { "url": "http://public2.vulnerablecode.io/api/packages/200029?format=api", "purl": "pkg:composer/smarty/smarty@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-3nky-rj9a-dyb7" }, { "vulnerability": "VCID-3xs3-13we-6ffu" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-d7cx-7mkv-3qhe" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-qnee-xruu-sfb1" }, { "vulnerability": "VCID-rr48-d56n-hugj" }, { "vulnerability": "VCID-vnb9-5w8q-r3bd" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11" } ], "aliases": [ "CVE-2009-5054", "GHSA-6m9f-8vwq-97pm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4d4-pqtp-wbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40249?format=api", "vulnerability_id": "VCID-d7cx-7mkv-3qhe", "summary": "Path Traversal\n`Smarty_Security::isTrustedResourceDir()` in Smarty is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85158", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85153", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml" }, { "reference_url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13982", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13982" }, { "reference_url": "https://github.com/advisories/GHSA-7gfx-wxfh-7rvm", "reference_id": "GHSA-7gfx-wxfh-7rvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gfx-wxfh-7rvm" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56421?format=api", "purl": "pkg:composer/smarty/smarty@3.1.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-qnee-xruu-sfb1" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.33" } ], "aliases": [ "CVE-2018-13982", "GHSA-7gfx-wxfh-7rvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7cx-7mkv-3qhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101016?format=api", "vulnerability_id": "VCID-h2k4-cqfq-sbhw", "summary": "In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70684", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70651", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70701", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047" }, { "reference_url": "https://bugs.gentoo.org/870100", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/870100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9" }, { "reference_url": "https://github.com/smarty-php/smarty/issues/454", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/issues/454" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896", "reference_id": "1019896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897", "reference_id": "1019897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897" }, { "reference_url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf", "reference_id": "GHSA-hwq7-5vv9-c6cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145718?format=api", "purl": "pkg:composer/smarty/smarty@3.1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/145720?format=api", "purl": "pkg:composer/smarty/smarty@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.2.1" } ], "aliases": [ "CVE-2018-25047", "GHSA-hwq7-5vv9-c6cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2k4-cqfq-sbhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42016?format=api", "vulnerability_id": "VCID-jhg5-tdyz-uyh4", "summary": "Improper Input Validation\nSmarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. A vulnerability was found that may allow template authors could run restricted static php methods.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64968", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64966", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64978", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375", "reference_id": "1010375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408", "reference_id": "CVE-2021-21408", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408" }, { "reference_url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60089?format=api", "purl": "pkg:composer/smarty/smarty@3.1.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/550650?format=api", "purl": "pkg:composer/smarty/smarty@4.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60090?format=api", "purl": "pkg:composer/smarty/smarty@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/215090?format=api", "purl": "pkg:composer/smarty/smarty@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.3" } ], "aliases": [ "CVE-2021-21408", "GHSA-4h9c-v5vg-5m6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhg5-tdyz-uyh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42013?format=api", "vulnerability_id": "VCID-mmfc-us8q-xbha", "summary": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nSmarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71074", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71064", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71081", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71031", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://packagist.org/packages/smarty/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://packagist.org/packages/smarty/smarty" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://www.smarty.net/docs/en/language.function.math.tpl", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://www.smarty.net/docs/en/language.function.math.tpl" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375", "reference_id": "1010375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29454", "reference_id": "CVE-2021-29454", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29454" }, { "reference_url": "https://github.com/advisories/GHSA-29gp-2c3m-3j6m", "reference_id": "GHSA-29gp-2c3m-3j6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29gp-2c3m-3j6m" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m", "reference_id": "GHSA-29gp-2c3m-3j6m", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60081?format=api", "purl": "pkg:composer/smarty/smarty@3.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/60082?format=api", "purl": "pkg:composer/smarty/smarty@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.2" } ], "aliases": [ "CVE-2021-29454", "GHSA-29gp-2c3m-3j6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmfc-us8q-xbha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46112?format=api", "vulnerability_id": "VCID-qnee-xruu-sfb1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2525", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25234", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25184", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41661" }, { "reference_url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve", "reference_id": "", "reference_type": "", "scores": [], "url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41661", "reference_id": "CVE-2023-41661", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67148?format=api", "purl": "pkg:composer/smarty/smarty@3.1.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.36" } ], "aliases": [ "CVE-2023-41661" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnee-xruu-sfb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37767?format=api", "vulnerability_id": "VCID-rr48-d56n-hugj", "summary": "Secure mode bypass\nScript language=\"php\" HTML tags are interpreted even in secure mode. This may allow a remote attacker to bypass secure mode's intended restrictions and execute arbitrary PHP code.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0468.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2014-0468.html" }, { "reference_url": "http://osvdb.org/show/osvdb/113683", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/113683" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65099", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.651", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65111", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65058", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920" }, { "reference_url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/420", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/420" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/421", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/421" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97725", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97725" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8350" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221" }, { "reference_url": "http://www.securityfocus.com/bid/70708", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70708" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52026?format=api", "purl": "pkg:composer/smarty/smarty@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-3xs3-13we-6ffu" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-d7cx-7mkv-3qhe" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" }, { "vulnerability": "VCID-qnee-xruu-sfb1" }, { "vulnerability": "VCID-vnb9-5w8q-r3bd" }, { "vulnerability": "VCID-xmrr-2jyf-5yhj" }, { "vulnerability": "VCID-zgxx-cfyu-1ffy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.21" } ], "aliases": [ "CVE-2014-8350", "GHSA-2pmx-6mm6-6v72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr48-d56n-hugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54095?format=api", "vulnerability_id": "VCID-xmrr-2jyf-5yhj", "summary": "Code Injection\nSmarty allows code injection via an unexpected function name after a `{function name=` substring.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98918", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98916", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26120.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26120.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md#3139---2021-02-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md#3139---2021-02-17" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/165f1bd4d2eec328cfeaca517a725b46001de838", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/165f1bd4d2eec328cfeaca517a725b46001de838" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-3rpf-5rqv-689q", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-3rpf-5rqv-689q" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://security.gentoo.org/glsa/202105-06", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-06" }, { "reference_url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26120", "reference_id": "CVE-2021-26120", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26120" }, { "reference_url": "https://github.com/advisories/GHSA-3rpf-5rqv-689q", "reference_id": "GHSA-3rpf-5rqv-689q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rpf-5rqv-689q" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79805?format=api", "purl": "pkg:composer/smarty/smarty@3.1.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.39" } ], "aliases": [ "CVE-2021-26120", "GHSA-3rpf-5rqv-689q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmrr-2jyf-5yhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54097?format=api", "vulnerability_id": "VCID-zgxx-cfyu-1ffy", "summary": "Trust Boundary Violation\nSmarty allows a Sandbox Escape because `$smarty.template_object` can be accessed in sandbox mode.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98396", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.984", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98401", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98399", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26119.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26119.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-w5hr-jm4j-9jvq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-w5hr-jm4j-9jvq" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://security.gentoo.org/glsa/202105-06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-06" }, { "reference_url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26119", "reference_id": "CVE-2021-26119", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26119" }, { "reference_url": "https://github.com/advisories/GHSA-w5hr-jm4j-9jvq", "reference_id": "GHSA-w5hr-jm4j-9jvq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5hr-jm4j-9jvq" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79805?format=api", "purl": "pkg:composer/smarty/smarty@3.1.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" }, { "vulnerability": "VCID-jhg5-tdyz-uyh4" }, { "vulnerability": "VCID-mmfc-us8q-xbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.39" } ], "aliases": [ "CVE-2021-26119", "GHSA-w5hr-jm4j-9jvq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxx-cfyu-1ffy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.27" }