You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Sandbox Escape by math function in smarty
High severity
GitHub Reviewed
Published
Jan 9, 2022
in
smarty-php/smarty
•
Updated Feb 7, 2024
Template authors could run arbitrary PHP code by crafting a malicious math string.
If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string.
Impact
Template authors could run arbitrary PHP code by crafting a malicious math string.
If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string.
Patches
Please upgrade to 4.0.2 or 3.1.42 or higher.
References
See documentation on Math function.
For more information
If you have any questions or comments about this advisory please open an issue in the Smarty repo
References