Vulnerability in N/a

CVE-2021-26119

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

EPSS: 0.626 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/smarty-php/smarty/blob/master/CHANGELOG.md (x_refsource_MISC)
[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update (mailing-list, x_refsource_MLIST)
GLSA-202105-06 (vendor-advisory, x_refsource_GENTOO)
DSA-5151 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2021-26119?: CVE-2021-26119 is a vulnerability in N/a. Published 2021-02-22.
Is CVE-2021-26119 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.