Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/60089?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60089?format=api", "purl": "pkg:composer/smarty/smarty@3.1.43", "type": "composer", "namespace": "smarty", "name": "smarty", "version": "3.1.43", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.3", "latest_non_vulnerable_version": "5.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44786?format=api", "vulnerability_id": "VCID-3829-yarc-yqh3", "summary": "smarty Cross-site Scripting vulnerability in Javascript escaping\nAn attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79187", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": 
"https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964", "reference_id": "1033964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965", "reference_id": "1033965", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447", "reference_id": "CVE-2023-28447", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28447" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml", "reference_id": "CVE-2023-28447.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "GHSA-7j98-h7fp-4vwj", "reference_type": "", 
"scores": [], "url": "https://github.com/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj", "reference_id": "GHSA-7j98-h7fp-4vwj", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-1/", "reference_id": "USN-8242-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-1/" }, { "reference_url": "https://usn.ubuntu.com/8242-2/", "reference_id": "USN-8242-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8242-2/" }, { "reference_url": "https://usn.ubuntu.com/8272-1/", "reference_id": "USN-8272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64452?format=api", "purl": "pkg:composer/smarty/smarty@3.1.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/64451?format=api", "purl": "pkg:composer/smarty/smarty@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1" } ], "aliases": [ "CVE-2023-28447", "GHSA-7j98-h7fp-4vwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3829-yarc-yqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101017?format=api", "vulnerability_id": "VCID-4dmb-dnk6-6qdd", "summary": "Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96329", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96333", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.25501", "scoring_system": "epss", "scoring_elements": "0.96324", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": 
"https://github.com/smarty-php/smarty/releases/tag/v3.1.45" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.1.1" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29221" }, { "reference_url": 
"https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757", "reference_id": "1011757", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758", "reference_id": "1011758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c", "reference_id": "GHSA-634x-pc3q-cf4c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-634x-pc3q-cf4c" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://usn.ubuntu.com/6012-1/", "reference_id": "USN-6012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6012-1/" }, { "reference_url": "https://usn.ubuntu.com/6550-1/", "reference_id": "USN-6550-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6550-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151845?format=api", "purl": "pkg:composer/smarty/smarty@3.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/151846?format=api", "purl": "pkg:composer/smarty/smarty@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.1.1" } ], "aliases": [ "CVE-2022-29221", "GHSA-634x-pc3q-cf4c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dmb-dnk6-6qdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55076?format=api", "vulnerability_id": "VCID-a3yk-8fmf-x7fw", "summary": "Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag\nTemplate authors could inject php code by choosing a malicious file name for an extends-tag. Users that cannot fully trust template authors should update asap.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-35226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.516", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51593", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-35226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35226" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:08:18Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072529", "reference_id": "1072529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072529" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072530", "reference_id": "1072530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35226", "reference_id": "CVE-2024-35226", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35226" }, { "reference_url": "https://github.com/advisories/GHSA-4rmg-292m-wg3w", "reference_id": "GHSA-4rmg-292m-wg3w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4rmg-292m-wg3w" }, { 
"reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w", "reference_id": "GHSA-4rmg-292m-wg3w", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:08:18Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" }, { "reference_url": "https://usn.ubuntu.com/7377-1/", "reference_id": "USN-7377-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7377-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81675?format=api", "purl": "pkg:composer/smarty/smarty@4.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/81674?format=api", "purl": "pkg:composer/smarty/smarty@5.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@5.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742527?format=api", "purl": "pkg:composer/smarty/smarty@5.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@5.2.0" } ], "aliases": [ "CVE-2024-35226", "GHSA-4rmg-292m-wg3w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yk-8fmf-x7fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101016?format=api", "vulnerability_id": "VCID-h2k4-cqfq-sbhw", "summary": "In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70701", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70651", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25047" }, { "reference_url": "https://bugs.gentoo.org/870100", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/870100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9" }, { "reference_url": "https://github.com/smarty-php/smarty/issues/454", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/issues/454" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.47" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.2.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25047" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896", "reference_id": "1019896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897", "reference_id": "1019897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897" }, { "reference_url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf", "reference_id": "GHSA-hwq7-5vv9-c6cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwq7-5vv9-c6cf" }, { "reference_url": "https://usn.ubuntu.com/7158-1/", "reference_id": "USN-7158-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7158-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145718?format=api", "purl": "pkg:composer/smarty/smarty@3.1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/145720?format=api", "purl": "pkg:composer/smarty/smarty@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.2.1" } ], "aliases": [ "CVE-2018-25047", "GHSA-hwq7-5vv9-c6cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2k4-cqfq-sbhw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42016?format=api", "vulnerability_id": "VCID-jhg5-tdyz-uyh4", "summary": "Improper Input Validation\nSmarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. 
A vulnerability was found that may allow template authors to run restricted static PHP methods.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64978", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64968", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml" }, { "reference_url": "https://github.com/smarty-php/smarty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/smarty-php/smarty" }, { "reference_url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v3.1.43" }, { "reference_url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/releases/tag/v4.0.3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": 
"", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://security.gentoo.org/glsa/202209-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://security.gentoo.org/glsa/202209-09" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5151", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375", "reference_id": "1010375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/", "reference_id": "BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408", "reference_id": "CVE-2021-21408", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21408" }, { "reference_url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m", "reference_id": "GHSA-4h9c-v5vg-5m6m", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": "https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/", "reference_id": "L777JIBIWJV34HS7LXPIDWASG7TT4LNI", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/" }, { "reference_url": "https://usn.ubuntu.com/5348-1/", "reference_id": "USN-5348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5348-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-2/", "reference_id": "USN-USN-5348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5348-3/", "reference_id": "USN-USN-5348-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5348-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60089?format=api", "purl": "pkg:composer/smarty/smarty@3.1.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/550650?format=api", "purl": "pkg:composer/smarty/smarty@4.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60090?format=api", "purl": "pkg:composer/smarty/smarty@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3829-yarc-yqh3" }, { "vulnerability": "VCID-4dmb-dnk6-6qdd" }, { "vulnerability": "VCID-a3yk-8fmf-x7fw" }, { "vulnerability": "VCID-h2k4-cqfq-sbhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/215090?format=api", "purl": 
"pkg:composer/smarty/smarty@4.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yk-8fmf-x7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.3" } ], "aliases": [ "CVE-2021-21408", "GHSA-4h9c-v5vg-5m6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhg5-tdyz-uyh4" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.43" }