UBUNTU-CVE-2018-13982

Source
https://ubuntu.com/security/CVE-2018-13982
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-13982.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-13982
Published
2018-09-18T21:29:00Z
Modified
2018-09-18T21:29:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

Affected packages

Ubuntu:18.04:LTS / smarty3

Package

Name
smarty3
Purl
pkg:deb/ubuntu/smarty3?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1

Affected versions

3.*

3.1.31+20161214.1.c7d42e4+selfpack1-2
3.1.31+20161214.1.c7d42e4+selfpack1-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1",
            "binary_name": "smarty3"
        }
    ]
}

Ubuntu:20.04:LTS / smarty3

Package

Name
smarty3
Purl
pkg:deb/ubuntu/smarty3?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.33+20180830.1.3a78a21f+selfpack1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.1.33+20180830.1.3a78a21f+selfpack1-1",
            "binary_name": "smarty3"
        }
    ]
}