CVE-2018-13982

{"id": "CVE-2018-13982", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-09-18T21:29:02.247", "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files."}, {"lang": "es", "value": "Smarty_Security::isTrustedResourceDir() en Smarty en versiones anteriores a la 3.1.33 es propenso a una vulnerabilidad de salto de directorio debido al saneamiento insuficiente de c\u00f3digos de plantilla. Esto permite que los atacantes que controlan el c\u00f3digo de plantilla ejecutado omitan las restricciones de seguridad del directorio de confianza y lean archivos arbitrarios."}], "lastModified": "2021-11-02T14:01:02.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0613AA6E-3478-438E-974B-88FF5DC03791", "versionEndExcluding": "3.1.33"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}