Vulnerabilities > CVE-2021-26119

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
smarty
debian
NVD
Published: 2021-02-22
Updated: 2022-10-14

Summary

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

Vulnerable Configurations

Part Description Count
Application
Smarty
123
OS
Debian
3

References