CVE-2021-21408

Published: 10/01/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Smarty incorrectly validated security policy data, allowing the execution of static classes even when not permitted by the security settings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-21408)

Vulnerable Product

smarty smarty

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #1010375: smarty4: CVE-2021-21408 CVE-2021-29454. Package: src:smarty4; Maintainer for src:smarty4 is Mike Gabriel <sunweaver@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 29 Apr 2022 20:57:02 UTC; Severity: grave; Tags: security, upstream; Found in version smarty4 ...

Several security issues were fixed in Smarty ...

Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static PHP methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the ...