CVE-2009-5054

Smarty Does Not Consider Umask Values When Setting Permissions in packagist/smarty/smarty

Identifiers

GHSA-6m9f-8vwq-97pm, CVE-2009-5054

Package Slug

packagist/smarty/smarty

Vulnerability

Smarty Does Not Consider Umask Values When Setting Permissions

Description

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

Affected Versions

All versions before 3.0.0-beta4

Solution

Upgrade to version 3.0.0-beta4 or above. Note: 3.0.0-beta4 may be an unstable version. Use caution.

Last Modified

2024-02-09

source