Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5avg-sw37-g3ff
Summary
Improper Input Validation
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Aliases
0
alias CVE-2011-1028
1
alias GHSA-6frx-2r5w-c524
Fixed_packages
0
url pkg:composer/smarty/smarty@3.1.11
purl pkg:composer/smarty/smarty@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-3xs3-13we-6ffu
3
vulnerability VCID-4dmb-dnk6-6qdd
4
vulnerability VCID-a3yk-8fmf-x7fw
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-vnb9-5w8q-r3bd
12
vulnerability VCID-xmrr-2jyf-5yhj
13
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11
1
url pkg:deb/debian/smarty3@3.0.8-1?distro=trixie
purl pkg:deb/debian/smarty3@3.0.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.0.8-1%3Fdistro=trixie
2
url pkg:deb/debian/smarty3@3.1.10-2
purl pkg:deb/debian/smarty3@3.1.10-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3xs3-13we-6ffu
2
vulnerability VCID-4amz-egp8-f7dx
3
vulnerability VCID-4dmb-dnk6-6qdd
4
vulnerability VCID-a3yk-8fmf-x7fw
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-rr48-d56n-hugj
10
vulnerability VCID-vnb9-5w8q-r3bd
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.1.10-2
3
url pkg:deb/debian/smarty3@3.1.39-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/smarty3@3.1.39-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.1.39-2%252Bdeb11u1%3Fdistro=trixie
4
url pkg:deb/debian/smarty3@3.1.47-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/smarty3@3.1.47-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.1.47-2%252Bdeb12u1%3Fdistro=trixie
5
url pkg:deb/debian/smarty3@3.1.48-2?distro=trixie
purl pkg:deb/debian/smarty3@3.1.48-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.1.48-2%3Fdistro=trixie
Affected_packages
0
url pkg:composer/smarty/smarty@2.6.24
purl pkg:composer/smarty/smarty@2.6.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.24
1
url pkg:composer/smarty/smarty@2.6.25
purl pkg:composer/smarty/smarty@2.6.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.25
2
url pkg:composer/smarty/smarty@2.6.26
purl pkg:composer/smarty/smarty@2.6.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.26
3
url pkg:composer/smarty/smarty@2.6.27
purl pkg:composer/smarty/smarty@2.6.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.27
4
url pkg:composer/smarty/smarty@2.6.28
purl pkg:composer/smarty/smarty@2.6.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-rr48-d56n-hugj
11
vulnerability VCID-xmrr-2jyf-5yhj
12
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.28
5
url pkg:composer/smarty/smarty@2.6.29
purl pkg:composer/smarty/smarty@2.6.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-xmrr-2jyf-5yhj
11
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.29
6
url pkg:composer/smarty/smarty@2.6.30
purl pkg:composer/smarty/smarty@2.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-xmrr-2jyf-5yhj
11
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.30
7
url pkg:composer/smarty/smarty@2.6.31
purl pkg:composer/smarty/smarty@2.6.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-d7cx-7mkv-3qhe
6
vulnerability VCID-h2k4-cqfq-sbhw
7
vulnerability VCID-jhg5-tdyz-uyh4
8
vulnerability VCID-mmfc-us8q-xbha
9
vulnerability VCID-qnee-xruu-sfb1
10
vulnerability VCID-xmrr-2jyf-5yhj
11
vulnerability VCID-zgxx-cfyu-1ffy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.31
8
url pkg:composer/smarty/smarty@2.6.33
purl pkg:composer/smarty/smarty@2.6.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3829-yarc-yqh3
1
vulnerability VCID-3nky-rj9a-dyb7
2
vulnerability VCID-4dmb-dnk6-6qdd
3
vulnerability VCID-5avg-sw37-g3ff
4
vulnerability VCID-b4d4-pqtp-wbek
5
vulnerability VCID-h2k4-cqfq-sbhw
6
vulnerability VCID-jhg5-tdyz-uyh4
7
vulnerability VCID-mmfc-us8q-xbha
8
vulnerability VCID-qnee-xruu-sfb1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.33
9
url pkg:deb/debian/smarty3@3.0~rc1-1
purl pkg:deb/debian/smarty3@3.0~rc1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zrw-yeaj-1uas
1
vulnerability VCID-3829-yarc-yqh3
2
vulnerability VCID-3nky-rj9a-dyb7
3
vulnerability VCID-3xs3-13we-6ffu
4
vulnerability VCID-4amz-egp8-f7dx
5
vulnerability VCID-4dmb-dnk6-6qdd
6
vulnerability VCID-5avg-sw37-g3ff
7
vulnerability VCID-9mh2-hv61-6khw
8
vulnerability VCID-a3yk-8fmf-x7fw
9
vulnerability VCID-d7cx-7mkv-3qhe
10
vulnerability VCID-dm8f-mnup-1udw
11
vulnerability VCID-h2k4-cqfq-sbhw
12
vulnerability VCID-jhg5-tdyz-uyh4
13
vulnerability VCID-mmfc-us8q-xbha
14
vulnerability VCID-rr48-d56n-hugj
15
vulnerability VCID-t8ym-xckw-vffz
16
vulnerability VCID-vnb9-5w8q-r3bd
17
vulnerability VCID-w8cn-5dw9-kkg8
18
vulnerability VCID-xmrr-2jyf-5yhj
19
vulnerability VCID-zgxx-cfyu-1ffy
20
vulnerability VCID-zqm9-y52a-j3bp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/smarty3@3.0~rc1-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1028
reference_id
reference_type
scores
0
value 0.00517
scoring_system epss
scoring_elements 0.67061
published_at 2026-06-04T12:55:00Z
1
value 0.00517
scoring_system epss
scoring_elements 0.67094
published_at 2026-06-07T12:55:00Z
2
value 0.00517
scoring_system epss
scoring_elements 0.6711
published_at 2026-06-06T12:55:00Z
3
value 0.00517
scoring_system epss
scoring_elements 0.67102
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1028
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028
2
reference_url https://github.com/smarty-php/smarty
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/smarty-php/smarty
3
reference_url https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb
4
reference_url https://seclists.org/oss-sec/2011/q1/313
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/oss-sec/2011/q1/313
5
reference_url https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
6
reference_url https://www.smarty.net/forums/viewtopic.php?t=18815
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.smarty.net/forums/viewtopic.php?t=18815
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1028
reference_id CVE-2011-1028
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1028
8
reference_url https://security-tracker.debian.org/tracker/CVE-2011-1028
reference_id CVE-2011-1028
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2011-1028
9
reference_url https://github.com/advisories/GHSA-6frx-2r5w-c524
reference_id GHSA-6frx-2r5w-c524
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6frx-2r5w-c524
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score9.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5avg-sw37-g3ff