Template authors could inject php code by choosing a malicious {block}
name or {include} file name. (CVE-2022-29221)
- https://bugs.mageia.org/show_bug.cgi?id=30495
- https://lists.debian.org/debian-security-announce/2022/msg00119.html
- https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
- https://github.com/smarty-php/smarty/releases/tag/v4.1.1
- https://www.cve.org/CVERecord?id=CVE-2022-29221
- 8/core/php-smarty-4.1.1-1.mga8
Get the latest Linux and open source security news straight to your inbox.