Vulnerability Details : CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
Products affected by CVE-2022-29221
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*
- cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29221
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2022-29221
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by:
- nvd@nist.gov (Secondary)
- security-advisories@github.com (Primary)
References for CVE-2022-29221
-
https://github.com/smarty-php/smarty/releases/tag/v4.1.1
Release v4.1.1 · smarty-php/smarty · GitHubRelease Notes;Third Party Advisory
-
https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
Merge branch 'security/blockfunctioninjection' · smarty-php/smarty@64ad644 · GitHubPatch;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5151
Debian -- Security Information -- DSA-5151-1 smarty3Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L777JIBIWJV34HS7LXPIDWASG7TT4LNI/
[SECURITY] Fedora 36 Update: php-Smarty-3.1.47-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202209-09
Smarty: Multiple vulnerabilities (GLSA 202209-09) — Gentoo securityThird Party Advisory
-
https://github.com/smarty-php/smarty/releases/tag/v3.1.45
Release v3.1.45 · smarty-php/smarty · GitHubRelease Notes;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ/
[SECURITY] Fedora 37 Update: php-Smarty-3.1.47-1.fc37 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/05/msg00044.html
[SECURITY] [DLA 3033-1] smarty3 security updateMailing List;Third Party Advisory
-
https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
PHP Code Injection by malicious block or filename · Advisory · smarty-php/smarty · GitHubThird Party Advisory
Jump to