CVE-2018-13982: Path Traversal

September 18, 2018 (updated December 7, 2018)

Smarty_Security::isTrustedResourceDir() in Smarty is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

References

github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal

Code Behaviors & Features

Detect and mitigate CVE-2018-13982 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →