CVE-2021-26119: Trust Boundary Violation

February 22, 2021 (updated October 14, 2022)

Smarty allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

References

nvd.nist.gov/vuln/detail/CVE-2021-26119

Detect and mitigate CVE-2021-26119 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →