CVE-2018-13982 — Smarty Path Traversal Vulnerability

Description

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

How to fix CVE-2018-13982

To remediate CVE-2018-13982, upgrade the affected package to a fixed version below.

—upgrade to 3.1.33+20180830.1.3a78a21f+selfpack1-1 or later
—upgrade to 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2 or later
—upgrade to 3.1.33 or later

Is CVE-2018-13982 being exploited?

Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 3.1.33+20180830.1.3a78a21f+selfpack1-1
from 0, < 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2
from 0, < 3.1.33

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (13)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-13982
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-13982
PATCHgithub.com/smarty-php/smarty
WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2018-13982.yaml