VulnerableCode Package Details - pkg:ebuild/dev-php/smarty@4.2.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1vrk-mr94-huar	Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution	CVE-2018-25047 GHSA-hwq7-5vv9-c6cf
VCID-3mxe-phrs-j7d1	Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.	CVE-2021-21408 GHSA-4h9c-v5vg-5m6m
VCID-g4mk-4raf-a3bj	Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.	CVE-2021-29454 GHSA-29gp-2c3m-3j6m
VCID-ke5v-yxmm-fydq	Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.	CVE-2022-29221 GHSA-634x-pc3q-cf4c

Vulnerability

Summary

Aliases

VCID-1vrk-mr94-huar

Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution

CVE-2018-25047
GHSA-hwq7-5vv9-c6cf

VCID-3mxe-phrs-j7d1

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

CVE-2021-21408
GHSA-4h9c-v5vg-5m6m

VCID-g4mk-4raf-a3bj

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

CVE-2021-29454
GHSA-29gp-2c3m-3j6m

VCID-ke5v-yxmm-fydq

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.

CVE-2022-29221
GHSA-634x-pc3q-cf4c

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-11T18:00:57.883783+00:00	Gentoo Importer	Fixing	VCID-ke5v-yxmm-fydq	https://security.gentoo.org/glsa/202209-09	38.6.0
2026-06-11T18:00:57.869270+00:00	Gentoo Importer	Fixing	VCID-g4mk-4raf-a3bj	https://security.gentoo.org/glsa/202209-09	38.6.0
2026-06-11T18:00:57.853741+00:00	Gentoo Importer	Fixing	VCID-3mxe-phrs-j7d1	https://security.gentoo.org/glsa/202209-09	38.6.0
2026-06-11T18:00:57.839414+00:00	Gentoo Importer	Fixing	VCID-1vrk-mr94-huar	https://security.gentoo.org/glsa/202209-09	38.6.0