CVE-2021-21408

Improper Input Validation in packagist/smarty/smarty

Identifiers

CVE-2021-21408, GHSA-4h9c-v5vg-5m6m

Package Slug

packagist/smarty/smarty

Vulnerability

Improper Input Validation

Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. A vulnerability was found that may allow template authors could run restricted static php methods.

Affected Versions

All versions before 3.1.43, all versions starting from 4.0.0 before 4.0.3

Solution

Upgrade to versions 3.1.43, 4.0.3 or above.

Last Modified

2022-01-21

source