GHSA-6m9f-8vwq-97pm, CVE-2009-5054
packagist/smarty/smarty
Smarty Does Not Consider Umask Values When Setting Permissions
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
All versions before 3.0.0-beta4
Upgrade to version 3.0.0-beta4 or above. Note: 3.0.0-beta4 may be an unstable version. Use caution.
2024-02-09
source |