USN-6012-1

Source

https://ubuntu.com/security/notices/USN-6012-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6012-1.json

Related

CVE-2022-29221

Published

2023-04-13T07:16:07.356149Z

Modified

2023-04-13T07:16:07.356149Z

Summary

smarty3 vulnerability

Details

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221)

References

https://ubuntu.com/security/notices/USN-6012-1
https://ubuntu.com/security/CVE-2022-29221

Affected packages

Ubuntu:22.04:LTS / smarty3

Package

Name: smarty3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.39-2ubuntu1.22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "smarty3": "3.1.39-2ubuntu1.22.04.1"
        }
    ]
}