PT-2021-6792 · Smarty+2

Published: 2021-02-17 · Updated: 2022-10-14 · CVE-2021-26119

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Smarty versions prior to 3.1.39

Description

The issue allows a sandbox escape because the $smarty.template object can be accessed in sandbox mode. This is due to insufficient access control when handling the $smarty.template object. Exploitation of this issue may allow a remote attacker to bypass sandbox restrictions.

Recommendations

For versions prior to 3.1.39, upgrade to 3.1.39 or higher as soon as possible to prevent the bypassing of sandbox protection. As a temporary workaround, consider restricting access to the $smarty.template object until a patch is applied.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2022-02201
CVE-2021-26119
DLA-2618-1
DLA-2618-2
DSA-5151-1
GHSA-W5HR-JM4J-9JVQ
MGASA-2021-0335
MGASA-2022-0127
USN-5348-1
USN-5348-2
USN-5348-3

Affected Products

Linuxmint
Smarty
Ubuntu