CVE-2022-29221
Published: 24 May 2022
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
Notes
| Author | Note |
|---|---|
| ccdm94 | postfixadmin does not contain embedded copies of smarty in trusty and xenial. In bionic, postfixadmin contains an embedded smarty copy at version 3.1.29, while in jammy it contains an embedded copy at version 3.1.33. In lunar and mantic this copy is at version 4.3.0. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
collabtive Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| xenial |
Needs triage
|
|
|
galette Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| xenial |
Needs triage
|
|
|
gosa Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
postfixadmin Launchpad, Ubuntu, Debian |
bionic |
Released
(3.0.2-2ubuntu0.1~esm1)
Available with Ubuntu Pro |
| focal |
Released
(3.2.1-3ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(3.3.10-2ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Not vulnerable
(see notes)
|
|
| mantic |
Not vulnerable
(see notes)
|
|
| noble |
Not vulnerable
(see notes)
|
|
| upstream |
Needed
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
smarty3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(3.1.39-2ubuntu1.22.04.1)
|
|
| kinetic |
Released
(3.1.39-2ubuntu1.22.10.1)
|
|
| lunar |
Released
(3.1.39-2ubuntu2)
|
|
| mantic |
Released
(3.1.39-2ubuntu2)
|
|
| noble |
Released
(3.1.39-2ubuntu2)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
smarty4 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| upstream |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
- https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
- https://github.com/smarty-php/smarty/releases/tag/v3.1.45
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
- https://github.com/smarty-php/smarty/releases/tag/v4.1.1
- https://ubuntu.com/security/notices/USN-6012-1
- https://ubuntu.com/security/notices/USN-6550-1
- https://www.cve.org/CVERecord?id=CVE-2022-29221
- NVD
- Launchpad
- Debian