CVE-2021-21408, GHSA-4h9c-v5vg-5m6m
packagist/smarty/smarty
Improper Input Validation
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. A vulnerability was found that may allow template authors could run restricted static php methods.
All versions before 3.1.43, all versions starting from 4.0.0 before 4.0.3
Upgrade to versions 3.1.43, 4.0.3 or above.
2022-01-21
source |