VDB

CVE-2021-21408

CVE-2021-21408 PUBLISHED

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

EPSS 0.47% · 65.0th percentile

Risk Scores

EPSS Score
0.47%
65.0th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSsmarty30, 3.1.31+20161214.1.c7d42e4+selfpack1-2, 3.1.31+20161214.1.c7d42e4+selfpack1-3
Ubuntu:Pro:20.04:LTSsmarty3*, 0, 3.1.34+20190228.1.c9f0de05+selfpack1-1
Ubuntu:Pro:16.04:LTSsmarty30, 3.1.21-1, 3.1.21-1ubuntu1
Ubuntu:22.04:LTSsmarty33.1.39-2, 0

Exploit Intelligence

Timeline

  • Jan 10, 2022 CVE Published
  • Jan 11, 2022 EPSS Score
  • Mar 5, 2022 EPSS Score
  • Apr 28, 2022 EPSS Score
  • Jun 20, 2022 EPSS Score
  • Aug 14, 2022 EPSS Score
  • Nov 28, 2022 EPSS Score
  • Jan 21, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 15, 2023 EPSS Score
  • May 8, 2023 EPSS Score
  • Jun 30, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›