Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/402829?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/402829?format=api", "purl": "pkg:composer/smarty/smarty@2.6.26", "type": "composer", "namespace": "smarty", "name": "smarty", "version": "2.6.26", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.3", "latest_non_vulnerable_version": "5.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181880?format=api", "vulnerability_id": "VCID-1vrk-mr94-huar", "summary": "Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70753", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70854", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70844", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047" }, { "reference_url": "https://bugs.gentoo.org/870100", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/870100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9" }, { "reference_url": "https://github.com/smarty-php/smarty/issues/454", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/issues/454" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896", "reference_id": "1019896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897", "reference_id": "1019897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047", "reference_id": "CVE-2018-25047", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml", "reference_id": "CVE-2018-25047.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf", "reference_id": "GHSA-hwq7-5vv9-c6cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26299?format=api", "purl": "pkg:composer/smarty/smarty@3.1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/26295?format=api", "purl": "pkg:composer/smarty/smarty@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.2.1" } ], "aliases": [ "CVE-2018-25047", "GHSA-hwq7-5vv9-c6cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrk-mr94-huar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156419?format=api", "vulnerability_id": "VCID-3mxe-phrs-j7d1", "summary": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65028", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65136", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65139", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65128", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375", "reference_id": "1010375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664", "reference_id": "19ae410bf56007a5ef24441cdc6414619cfaf664", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "202209-09", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408", "reference_id": "CVE-2021-21408", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml", "reference_id": "CVE-2021-21408.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "dsa-5151", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43", "reference_id": "v3.1.43", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3", "reference_id": "v4.0.3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18659?format=api", "purl": "pkg:composer/smarty/smarty@3.1.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/532402?format=api", "purl": "pkg:composer/smarty/smarty@4.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/18660?format=api", "purl": "pkg:composer/smarty/smarty@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/419949?format=api", "purl": "pkg:composer/smarty/smarty@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.3" } ], "aliases": [ "CVE-2021-21408", "GHSA-4h9c-v5vg-5m6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mxe-phrs-j7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201645?format=api", "vulnerability_id": "VCID-azg6-1ya3-5ue4", "summary": "Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28251", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28052", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28265", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28274", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5054", "reference_id": "CVE-2009-5054", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5054" }, { "reference_url": "https://github.com/advisories/GHSA-6m9f-8vwq-97pm", "reference_id": "GHSA-6m9f-8vwq-97pm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6m9f-8vwq-97pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20685?format=api", "purl": "pkg:composer/smarty/smarty@3.0.0-beta4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.0-beta4" }, { "url": "http://public2.vulnerablecode.io/api/packages/402832?format=api", "purl": "pkg:composer/smarty/smarty@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-85qb-yjs9-4kc8" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-hx89-epmr-qqd6" }, { "vulnerability": "VCID-j99h-vc6w-hyd5" }, { "vulnerability": "VCID-jjju-kned-ufhr" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-u5f6-hy8m-5qd6" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-vtgu-facr-b7a2" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11" } ], "aliases": [ "CVE-2009-5054", "GHSA-6m9f-8vwq-97pm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azg6-1ya3-5ue4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183269?format=api", "vulnerability_id": "VCID-bcsf-ygsf-gkf8", "summary": "Multiple vulnerabilities in the Smarty template engine might allow\n remote attackers to execute arbitrary PHP code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98918", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98922", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98923", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.7558", "scoring_system": "epss", "scoring_elements": "0.98924", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26120.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26120.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md#3139---2021-02-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md#3139---2021-02-17" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/165f1bd4d2eec328cfeaca517a725b46001de838", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/165f1bd4d2eec328cfeaca517a725b46001de838" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-3rpf-5rqv-689q", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-3rpf-5rqv-689q" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26120", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26120" }, { "reference_url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html" }, { "reference_url": "https://github.com/advisories/GHSA-3rpf-5rqv-689q", "reference_id": "GHSA-3rpf-5rqv-689q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rpf-5rqv-689q" }, { "reference_url": "https://security.gentoo.org/glsa/202105-06", "reference_id": "GLSA-202105-06", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-06" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382793?format=api", "purl": "pkg:composer/smarty/smarty@3.1.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.39" } ], "aliases": [ "CVE-2021-26120", "GHSA-3rpf-5rqv-689q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcsf-ygsf-gkf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/156393?format=api", "vulnerability_id": "VCID-g4mk-4raf-a3bj", "summary": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71134", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71235", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71237", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71224", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375", "reference_id": "1010375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "202209-09", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71", "reference_id": "215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29454", "reference_id": "CVE-2021-29454", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29454" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml", "reference_id": "CVE-2021-29454.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "dsa-5151", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://github.com/advisories/GHSA-29gp-2c3m-3j6m", "reference_id": "GHSA-29gp-2c3m-3j6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29gp-2c3m-3j6m" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m", "reference_id": "GHSA-29gp-2c3m-3j6m", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://www.smarty.net/docs/en/language.function.math.tpl", "reference_id": "language.function.math.tpl", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://www.smarty.net/docs/en/language.function.math.tpl" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html" }, { "reference_url": "https://packagist.org/packages/smarty/smarty", "reference_id": "smarty", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://packagist.org/packages/smarty/smarty" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42", "reference_id": "v3.1.42", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.42" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2", "reference_id": "v4.0.2", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18658?format=api", "purl": "pkg:composer/smarty/smarty@3.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/18657?format=api", "purl": "pkg:composer/smarty/smarty@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.2" } ], "aliases": [ "CVE-2021-29454", "GHSA-29gp-2c3m-3j6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mk-4raf-a3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202433?format=api", "vulnerability_id": "VCID-hx89-epmr-qqd6", "summary": "Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69056", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69148", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.6916", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.69154", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4437" }, { "reference_url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt" }, { "reference_url": "https://code.google.com/p/smarty-php/source/detail?r=4658", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/detail?r=4658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4437", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4437" }, { "reference_url": "https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/09/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/09/19/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/09/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/09/20/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153", "reference_id": "688153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153" }, { "reference_url": "https://github.com/advisories/GHSA-9gqj-ppv2-f2hq", "reference_id": "GHSA-9gqj-ppv2-f2hq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gqj-ppv2-f2hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386459?format=api", "purl": "pkg:composer/smarty/smarty@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-85qb-yjs9-4kc8" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-j99h-vc6w-hyd5" }, { "vulnerability": "VCID-jjju-kned-ufhr" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-u5f6-hy8m-5qd6" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-vtgu-facr-b7a2" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.12" } ], "aliases": [ "CVE-2012-4437", "GHSA-9gqj-ppv2-f2hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hx89-epmr-qqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203598?format=api", "vulnerability_id": "VCID-jjju-kned-ufhr", "summary": "Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by \"{literal}<{/literal}script language=php>\" in a template.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0468.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://advisories.mageia.org/MGASA-2014-0468.html" }, { "reference_url": "http://osvdb.org/show/osvdb/113683", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/113683" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65161", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65262", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65273", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65271", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8350" }, { "reference_url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/420", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/420" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/421", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/421" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97725", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97725" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8350", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8350" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221" }, { "reference_url": "http://www.securityfocus.com/bid/70708", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920", "reference_id": "765920", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920" }, { "reference_url": "https://github.com/advisories/GHSA-2pmx-6mm6-6v72", "reference_id": "GHSA-2pmx-6mm6-6v72", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pmx-6mm6-6v72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385863?format=api", "purl": "pkg:composer/smarty/smarty@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-85qb-yjs9-4kc8" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-j99h-vc6w-hyd5" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-u5f6-hy8m-5qd6" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-vtgu-facr-b7a2" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.21" } ], "aliases": [ "CVE-2014-8350", "GHSA-2pmx-6mm6-6v72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjju-kned-ufhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169334?format=api", "vulnerability_id": "VCID-ke5v-yxmm-fydq", "summary": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96362", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96359", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96357", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96346", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757", "reference_id": "1011757", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758", "reference_id": "1011758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "202209-09", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd", "reference_id": "64ad6442ca1da31cefdab5c9874262b702cccddd", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221", "reference_id": "CVE-2022-29221", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml", "reference_id": "CVE-2022-29221.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "dsa-5151", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "GHSA-634x-pc3q-cf4c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "GHSA-634x-pc3q-cf4c", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html", "reference_id": "msg00044.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html" }, { "reference_url": "https://usn.ubuntu.com/6012-1/", "reference_id": "USN-6012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6012-1/" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45", "reference_id": "v3.1.45", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1", "reference_id": "v4.1.1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24281?format=api", "purl": "pkg:composer/smarty/smarty@3.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/24283?format=api", "purl": "pkg:composer/smarty/smarty@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.1.1" } ], "aliases": [ "CVE-2022-29221", "GHSA-634x-pc3q-cf4c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke5v-yxmm-fydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183268?format=api", "vulnerability_id": "VCID-q28h-yy5c-6qgk", "summary": "Multiple vulnerabilities in the Smarty template engine might allow\n remote attackers to execute arbitrary PHP code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98402", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98407", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.62613", "scoring_system": "epss", "scoring_elements": "0.98408", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26119.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26119.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-w5hr-jm4j-9jvq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-w5hr-jm4j-9jvq" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26119", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26119" }, { "reference_url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html" }, { "reference_url": "https://github.com/advisories/GHSA-w5hr-jm4j-9jvq", "reference_id": "GHSA-w5hr-jm4j-9jvq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5hr-jm4j-9jvq" }, { "reference_url": "https://security.gentoo.org/glsa/202105-06", "reference_id": "GLSA-202105-06", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-06" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382793?format=api", "purl": "pkg:composer/smarty/smarty@3.1.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.39" } ], "aliases": [ "CVE-2021-26119", "GHSA-w5hr-jm4j-9jvq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q28h-yy5c-6qgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356621?format=api", "vulnerability_id": "VCID-u5f6-hy8m-5qd6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25373", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2539", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25376", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41661" }, { "reference_url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve", "reference_id": "", "reference_type": "", "scores": [], "url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41661", "reference_id": "CVE-2023-41661", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394431?format=api", "purl": "pkg:composer/smarty/smarty@3.1.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.36" } ], "aliases": [ "CVE-2023-41661" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5f6-hy8m-5qd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209740?format=api", "vulnerability_id": "VCID-ukne-sz3k-xkhf", "summary": "Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.78983", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.79048", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.79063", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.7906", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964", "reference_id": "1033964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965", "reference_id": "1033965", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965" }, { "reference_url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "GHSA-7j98-h7fp-4vwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-1/", "reference_id": "USN-8242-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-2/", "reference_id": "USN-8242-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-2/" }, { "reference_url": "https://usn.ubuntu.com/8272-1/", "reference_id": "USN-8272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380896?format=api", "purl": "pkg:composer/smarty/smarty@3.1.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/380895?format=api", "purl": "pkg:composer/smarty/smarty@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1" } ], "aliases": [ "CVE-2023-28447", "GHSA-7j98-h7fp-4vwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukne-sz3k-xkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206046?format=api", "vulnerability_id": "VCID-vtgu-facr-b7a2", "summary": "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85237", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85184", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85239", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02331", "scoring_system": "epss", "scoring_elements": "0.85246", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982" }, { "reference_url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13982", "reference_id": "CVE-2018-13982", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13982" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml", "reference_id": "CVE-2018-13982.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7gfx-wxfh-7rvm", "reference_id": "GHSA-7gfx-wxfh-7rvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gfx-wxfh-7rvm" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21013?format=api", "purl": "pkg:composer/smarty/smarty@3.1.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-u5f6-hy8m-5qd6" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.33" } ], "aliases": [ "CVE-2018-13982", "GHSA-7gfx-wxfh-7rvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtgu-facr-b7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201919?format=api", "vulnerability_id": "VCID-yrs9-nmbk-27hy", "summary": "The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67234", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67143", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67248", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb" }, { "reference_url": "https://seclists.org/oss-sec/2011/q1/313", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/oss-sec/2011/q1/313" }, { "reference_url": "https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" }, { "reference_url": "https://www.smarty.net/forums/viewtopic.php?t=18815", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.smarty.net/forums/viewtopic.php?t=18815" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1028", "reference_id": "CVE-2011-1028", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1028" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-1028", "reference_id": "CVE-2011-1028", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1028" }, { "reference_url": "https://github.com/advisories/GHSA-6frx-2r5w-c524", "reference_id": "GHSA-6frx-2r5w-c524", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6frx-2r5w-c524" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20213?format=api", "purl": "pkg:composer/smarty/smarty@3.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/402832?format=api", "purl": "pkg:composer/smarty/smarty@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrk-mr94-huar" }, { "vulnerability": "VCID-3mxe-phrs-j7d1" }, { "vulnerability": "VCID-85qb-yjs9-4kc8" }, { "vulnerability": "VCID-bcsf-ygsf-gkf8" }, { "vulnerability": "VCID-g4mk-4raf-a3bj" }, { "vulnerability": "VCID-hx89-epmr-qqd6" }, { "vulnerability": "VCID-j99h-vc6w-hyd5" }, { "vulnerability": "VCID-jjju-kned-ufhr" }, { "vulnerability": "VCID-ke5v-yxmm-fydq" }, { "vulnerability": "VCID-q28h-yy5c-6qgk" }, { "vulnerability": "VCID-u5f6-hy8m-5qd6" }, { "vulnerability": "VCID-ukne-sz3k-xkhf" }, { "vulnerability": "VCID-vtgu-facr-b7a2" }, { "vulnerability": "VCID-yvk2-k49u-1bat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11" } ], "aliases": [ "CVE-2011-1028", "GHSA-6frx-2r5w-c524" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrs9-nmbk-27hy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.26" }