{"url":"http://public2.vulnerablecode.io/api/packages/532300?format=json","purl":"pkg:composer/smarty/smarty@2.6.33","type":"composer","namespace":"smarty","name":"smarty","version":"2.6.33","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.3","latest_non_vulnerable_version":"5.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181880?format=json","vulnerability_id":"VCID-1vrk-mr94-huar","summary":"Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25047","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70753","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25047"},{"reference_url":"https://bugs.gentoo.org/870100","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.gentoo.org/870100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9"},{"reference_url":"https://github.com/smarty-php/smarty/issues/454","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/issues/454"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.47","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.47"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v4.2.1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/releases/tag/v4.2.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896","reference_id":"1019896","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897","reference_id":"1019897","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019897"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25047","reference_id":"CVE-2018-25047","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25047"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml","reference_id":"CVE-2018-25047.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-25047.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hwq7-5vv9-c6cf","reference_id":"GHSA-hwq7-5vv9-c6cf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hwq7-5vv9-c6cf"},{"reference_url":"https://usn.ubuntu.com/7158-1/","reference_id":"USN-7158-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7158-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26299?format=json","purl":"pkg:composer/smarty/smarty@3.1.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:composer/smarty/smarty@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.2.1"}],"aliases":["CVE-2018-25047","GHSA-hwq7-5vv9-c6cf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrk-mr94-huar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156419?format=json","vulnerability_id":"VCID-3mxe-phrs-j7d1","summary":"Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21408","reference_id":"","reference_type":"","scores":[{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.65028","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375","reference_id":"1010375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375"},{"reference_url":"https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664","reference_id":"19ae410bf56007a5ef24441cdc6414619cfaf664","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664"},{"reference_url":"https://security.gentoo.org/glsa/202209-09","reference_id":"202209-09","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://security.gentoo.org/glsa/202209-09"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21408","reference_id":"CVE-2021-21408","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21408"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml","reference_id":"CVE-2021-21408.YAML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-21408.yaml"},{"reference_url":"https://www.debian.org/security/2022/dsa-5151","reference_id":"dsa-5151","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://www.debian.org/security/2022/dsa-5151"},{"reference_url":"https://github.com/advisories/GHSA-4h9c-v5vg-5m6m","reference_id":"GHSA-4h9c-v5vg-5m6m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h9c-v5vg-5m6m"},{"reference_url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m","reference_id":"GHSA-4h9c-v5vg-5m6m","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"},{"reference_url":"https://usn.ubuntu.com/5348-1/","reference_id":"USN-5348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5348-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5348-2/","reference_id":"USN-USN-5348-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5348-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5348-3/","reference_id":"USN-USN-5348-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5348-3/"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.43","reference_id":"v3.1.43","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.43"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v4.0.3","reference_id":"v4.0.3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:17Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v4.0.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18659?format=json","purl":"pkg:composer/smarty/smarty@3.1.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.43"},{"url":"http://public2.vulnerablecode.io/api/packages/532402?format=json","purl":"pkg:composer/smarty/smarty@4.0.0-rc.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.0-rc.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18660?format=json","purl":"pkg:composer/smarty/smarty@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/419949?format=json","purl":"pkg:composer/smarty/smarty@4.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.3"}],"aliases":["CVE-2021-21408","GHSA-4h9c-v5vg-5m6m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mxe-phrs-j7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201645?format=json","vulnerability_id":"VCID-azg6-1ya3-5ue4","summary":"Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5054","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28052","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20101116174040/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5054","reference_id":"CVE-2009-5054","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5054"},{"reference_url":"https://github.com/advisories/GHSA-6m9f-8vwq-97pm","reference_id":"GHSA-6m9f-8vwq-97pm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6m9f-8vwq-97pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20685?format=json","purl":"pkg:composer/smarty/smarty@3.0.0-beta4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.0-beta4"},{"url":"http://public2.vulnerablecode.io/api/packages/402832?format=json","purl":"pkg:composer/smarty/smarty@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-85qb-yjs9-4kc8"},{"vulnerability":"VCID-bcsf-ygsf-gkf8"},{"vulnerability":"VCID-g4mk-4raf-a3bj"},{"vulnerability":"VCID-hx89-epmr-qqd6"},{"vulnerability":"VCID-j99h-vc6w-hyd5"},{"vulnerability":"VCID-jjju-kned-ufhr"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-q28h-yy5c-6qgk"},{"vulnerability":"VCID-u5f6-hy8m-5qd6"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-vtgu-facr-b7a2"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11"}],"aliases":["CVE-2009-5054","GHSA-6m9f-8vwq-97pm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azg6-1ya3-5ue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156393?format=json","vulnerability_id":"VCID-g4mk-4raf-a3bj","summary":"Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29454","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71134","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375","reference_id":"1010375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010375"},{"reference_url":"https://security.gentoo.org/glsa/202209-09","reference_id":"202209-09","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://security.gentoo.org/glsa/202209-09"},{"reference_url":"https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71","reference_id":"215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29454","reference_id":"CVE-2021-29454","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29454"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml","reference_id":"CVE-2021-29454.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-29454.yaml"},{"reference_url":"https://www.debian.org/security/2022/dsa-5151","reference_id":"dsa-5151","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://www.debian.org/security/2022/dsa-5151"},{"reference_url":"https://github.com/advisories/GHSA-29gp-2c3m-3j6m","reference_id":"GHSA-29gp-2c3m-3j6m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29gp-2c3m-3j6m"},{"reference_url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m","reference_id":"GHSA-29gp-2c3m-3j6m","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://www.smarty.net/docs/en/language.function.math.tpl","reference_id":"language.function.math.tpl","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://www.smarty.net/docs/en/language.function.math.tpl"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html"},{"reference_url":"https://packagist.org/packages/smarty/smarty","reference_id":"smarty","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://packagist.org/packages/smarty/smarty"},{"reference_url":"https://usn.ubuntu.com/5348-1/","reference_id":"USN-5348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5348-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5348-2/","reference_id":"USN-USN-5348-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5348-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5348-3/","reference_id":"USN-USN-5348-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5348-3/"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.42","reference_id":"v3.1.42","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.42"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v4.0.2","reference_id":"v4.0.2","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:57:13Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v4.0.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18658?format=json","purl":"pkg:composer/smarty/smarty@3.1.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.42"},{"url":"http://public2.vulnerablecode.io/api/packages/18657?format=json","purl":"pkg:composer/smarty/smarty@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.0.2"}],"aliases":["CVE-2021-29454","GHSA-29gp-2c3m-3j6m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mk-4raf-a3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202433?format=json","vulnerability_id":"VCID-hx89-epmr-qqd6","summary":"Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4437","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69056","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4437"},{"reference_url":"https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt"},{"reference_url":"https://code.google.com/p/smarty-php/source/detail?r=4658","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://code.google.com/p/smarty-php/source/detail?r=4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4437","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4437"},{"reference_url":"https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506"},{"reference_url":"https://www.openwall.com/lists/oss-security/2012/09/19/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2012/09/19/1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2012/09/20/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2012/09/20/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153","reference_id":"688153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688153"},{"reference_url":"https://github.com/advisories/GHSA-9gqj-ppv2-f2hq","reference_id":"GHSA-9gqj-ppv2-f2hq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9gqj-ppv2-f2hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386459?format=json","purl":"pkg:composer/smarty/smarty@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-85qb-yjs9-4kc8"},{"vulnerability":"VCID-bcsf-ygsf-gkf8"},{"vulnerability":"VCID-g4mk-4raf-a3bj"},{"vulnerability":"VCID-j99h-vc6w-hyd5"},{"vulnerability":"VCID-jjju-kned-ufhr"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-q28h-yy5c-6qgk"},{"vulnerability":"VCID-u5f6-hy8m-5qd6"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-vtgu-facr-b7a2"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.12"}],"aliases":["CVE-2012-4437","GHSA-9gqj-ppv2-f2hq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hx89-epmr-qqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/169334?format=json","vulnerability_id":"VCID-ke5v-yxmm-fydq","summary":"Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29221","reference_id":"","reference_type":"","scores":[{"value":"0.25501","scoring_system":"epss","scoring_elements":"0.96346","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757","reference_id":"1011757","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758","reference_id":"1011758","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758"},{"reference_url":"https://security.gentoo.org/glsa/202209-09","reference_id":"202209-09","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://security.gentoo.org/glsa/202209-09"},{"reference_url":"https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd","reference_id":"64ad6442ca1da31cefdab5c9874262b702cccddd","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/","reference_id":"BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29221","reference_id":"CVE-2022-29221","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29221"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml","reference_id":"CVE-2022-29221.YAML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2022-29221.yaml"},{"reference_url":"https://www.debian.org/security/2022/dsa-5151","reference_id":"dsa-5151","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://www.debian.org/security/2022/dsa-5151"},{"reference_url":"https://github.com/advisories/GHSA-634x-pc3q-cf4c","reference_id":"GHSA-634x-pc3q-cf4c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-634x-pc3q-cf4c"},{"reference_url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c","reference_id":"GHSA-634x-pc3q-cf4c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/","reference_id":"L777JIBIWJV34HS7LXPIDWASG7TT4LNI","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html","reference_id":"msg00044.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html"},{"reference_url":"https://usn.ubuntu.com/6012-1/","reference_id":"USN-6012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6012-1/"},{"reference_url":"https://usn.ubuntu.com/6550-1/","reference_id":"USN-6550-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6550-1/"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.45","reference_id":"v3.1.45","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v3.1.45"},{"reference_url":"https://github.com/smarty-php/smarty/releases/tag/v4.1.1","reference_id":"v4.1.1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:58Z/"}],"url":"https://github.com/smarty-php/smarty/releases/tag/v4.1.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24281?format=json","purl":"pkg:composer/smarty/smarty@3.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/24283?format=json","purl":"pkg:composer/smarty/smarty@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.1.1"}],"aliases":["CVE-2022-29221","GHSA-634x-pc3q-cf4c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke5v-yxmm-fydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356621?format=json","vulnerability_id":"VCID-u5f6-hy8m-5qd6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41661","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41661"},{"reference_url":"https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve","reference_id":"","reference_type":"","scores":[],"url":"https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41661","reference_id":"CVE-2023-41661","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394431?format=json","purl":"pkg:composer/smarty/smarty@3.1.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-bcsf-ygsf-gkf8"},{"vulnerability":"VCID-g4mk-4raf-a3bj"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-q28h-yy5c-6qgk"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.36"}],"aliases":["CVE-2023-41661"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5f6-hy8m-5qd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209740?format=json","vulnerability_id":"VCID-ukne-sz3k-xkhf","summary":"Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28447","reference_id":"","reference_type":"","scores":[{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.78983","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2023-28447.yaml"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d"},{"reference_url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28447","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28447"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964","reference_id":"1033964","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033964"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965","reference_id":"1033965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033965"},{"reference_url":"https://github.com/advisories/GHSA-7j98-h7fp-4vwj","reference_id":"GHSA-7j98-h7fp-4vwj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7j98-h7fp-4vwj"},{"reference_url":"https://usn.ubuntu.com/6550-1/","reference_id":"USN-6550-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6550-1/"},{"reference_url":"https://usn.ubuntu.com/7158-1/","reference_id":"USN-7158-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7158-1/"},{"reference_url":"https://usn.ubuntu.com/8242-1/","reference_id":"USN-8242-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8242-1/"},{"reference_url":"https://usn.ubuntu.com/8242-2/","reference_id":"USN-8242-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8242-2/"},{"reference_url":"https://usn.ubuntu.com/8272-1/","reference_id":"USN-8272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380896?format=json","purl":"pkg:composer/smarty/smarty@3.1.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.48"},{"url":"http://public2.vulnerablecode.io/api/packages/380895?format=json","purl":"pkg:composer/smarty/smarty@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@4.3.1"}],"aliases":["CVE-2023-28447","GHSA-7j98-h7fp-4vwj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukne-sz3k-xkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201919?format=json","vulnerability_id":"VCID-yrs9-nmbk-27hy","summary":"The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1028","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67143","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1028"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1028"},{"reference_url":"https://github.com/smarty-php/smarty","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty"},{"reference_url":"https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb"},{"reference_url":"https://seclists.org/oss-sec/2011/q1/313","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/oss-sec/2011/q1/313"},{"reference_url":"https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"},{"reference_url":"https://www.smarty.net/forums/viewtopic.php?t=18815","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.smarty.net/forums/viewtopic.php?t=18815"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1028","reference_id":"CVE-2011-1028","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1028"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-1028","reference_id":"CVE-2011-1028","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2011-1028"},{"reference_url":"https://github.com/advisories/GHSA-6frx-2r5w-c524","reference_id":"GHSA-6frx-2r5w-c524","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6frx-2r5w-c524"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20213?format=json","purl":"pkg:composer/smarty/smarty@3.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/402832?format=json","purl":"pkg:composer/smarty/smarty@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrk-mr94-huar"},{"vulnerability":"VCID-3mxe-phrs-j7d1"},{"vulnerability":"VCID-85qb-yjs9-4kc8"},{"vulnerability":"VCID-bcsf-ygsf-gkf8"},{"vulnerability":"VCID-g4mk-4raf-a3bj"},{"vulnerability":"VCID-hx89-epmr-qqd6"},{"vulnerability":"VCID-j99h-vc6w-hyd5"},{"vulnerability":"VCID-jjju-kned-ufhr"},{"vulnerability":"VCID-ke5v-yxmm-fydq"},{"vulnerability":"VCID-q28h-yy5c-6qgk"},{"vulnerability":"VCID-u5f6-hy8m-5qd6"},{"vulnerability":"VCID-ukne-sz3k-xkhf"},{"vulnerability":"VCID-vtgu-facr-b7a2"},{"vulnerability":"VCID-yvk2-k49u-1bat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@3.1.11"}],"aliases":["CVE-2011-1028","GHSA-6frx-2r5w-c524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrs9-nmbk-27hy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/smarty/smarty@2.6.33"}