Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/smarty/smarty@4.3.1

Type composer

Namespace smarty

Name smarty

Version 4.3.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.5.3

Latest_non_vulnerable_version 5.2.0

Affected_by_vulnerabilities

url VCID-a3yk-8fmf-x7fw

vulnerability_id VCID-a3yk-8fmf-x7fw

summary

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35226

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51578
published_at	2026-06-07T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.516
published_at	2026-06-06T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51593
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35226

reference_url

https://github.com/smarty-php/smarty

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/smarty-php/smarty

reference_url

https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:08:18Z/

url

https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072529
reference_id	1072529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072529

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072530
reference_id	1072530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-35226

reference_id

CVE-2024-35226

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-35226

reference_url

https://github.com/advisories/GHSA-4rmg-292m-wg3w

reference_id

GHSA-4rmg-292m-wg3w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4rmg-292m-wg3w

reference_url

https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w

reference_id

GHSA-4rmg-292m-wg3w

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:08:18Z/

url

https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w

reference_url	https://usn.ubuntu.com/7158-1/
reference_id	USN-7158-1
reference_type
scores
url	https://usn.ubuntu.com/7158-1/

reference_url	https://usn.ubuntu.com/7377-1/
reference_id	USN-7377-1
reference_type
scores
url	https://usn.ubuntu.com/7377-1/

fixed_packages

url	pkg:composer/smarty/smarty@4.5.3
purl	pkg:composer/smarty/smarty@4.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.5.3

url	pkg:composer/smarty/smarty@5.1.1
purl	pkg:composer/smarty/smarty@5.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@5.1.1

url	pkg:composer/smarty/smarty@5.2.0
purl	pkg:composer/smarty/smarty@5.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@5.2.0

aliases CVE-2024-35226, GHSA-4rmg-292m-wg3w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yk-8fmf-x7fw

Fixing_vulnerabilities

url VCID-3829-yarc-yqh3

vulnerability_id VCID-3829-yarc-yqh3

summary

smarty Cross-site Scripting vulnerability in Javascript escaping
An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28447

reference_id

reference_type

scores

value	0.01189
scoring_system	epss
scoring_elements	0.79192
published_at	2026-06-06T12:55:00Z

value	0.01189
scoring_system	epss
scoring_elements	0.79184
published_at	2026-06-07T12:55:00Z

value	0.01189
scoring_system	epss
scoring_elements	0.79187
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447

reference_url

https://github.com/smarty-php/smarty

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/smarty-php/smarty

reference_url

https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964
reference_id	1033964
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965
reference_id	1033965
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28447

reference_id

CVE-2023-28447

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28447

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml

reference_id

CVE-2023-28447.YAML

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml

reference_url

https://github.com/advisories/GHSA-7j98-h7fp-4vwj

reference_id

GHSA-7j98-h7fp-4vwj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7j98-h7fp-4vwj

reference_url

https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

reference_id

GHSA-7j98-h7fp-4vwj

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

reference_url	https://usn.ubuntu.com/6550-1/
reference_id	USN-6550-1
reference_type
scores
url	https://usn.ubuntu.com/6550-1/

reference_url	https://usn.ubuntu.com/7158-1/
reference_id	USN-7158-1
reference_type
scores
url	https://usn.ubuntu.com/7158-1/

reference_url	https://usn.ubuntu.com/8242-1/
reference_id	USN-8242-1
reference_type
scores
url	https://usn.ubuntu.com/8242-1/

reference_url	https://usn.ubuntu.com/8242-2/
reference_id	USN-8242-2
reference_type
scores
url	https://usn.ubuntu.com/8242-2/

reference_url	https://usn.ubuntu.com/8272-1/
reference_id	USN-8272-1
reference_type
scores
url	https://usn.ubuntu.com/8272-1/

fixed_packages

url pkg:composer/smarty/smarty@3.1.48

purl pkg:composer/smarty/smarty@3.1.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3yk-8fmf-x7fw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.48

url pkg:composer/smarty/smarty@4.3.1

purl pkg:composer/smarty/smarty@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3yk-8fmf-x7fw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1

aliases CVE-2023-28447, GHSA-7j98-h7fp-4vwj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3829-yarc-yqh3

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1

Package Instance