CVE-2022-29221
Publication date 24 May 2022
Last updated 24 July 2024
Ubuntu priority
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| collabtive | 16.04 LTS xenial |
Needs evaluation
|
| galette | 16.04 LTS xenial |
Needs evaluation
|
| gosa | 24.04 LTS noble |
Needs evaluation
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| postfixadmin | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Fixed 3.3.10-2ubuntu0.1~esm1
|
|
| 20.04 LTS focal |
Fixed 3.2.1-3ubuntu0.1~esm1
|
|
| 18.04 LTS bionic |
Fixed 3.0.2-2ubuntu0.1~esm1
|
|
| 16.04 LTS xenial |
Not affected
|
|
| smarty3 | 24.04 LTS noble |
Fixed 3.1.39-2ubuntu2
|
| 22.04 LTS jammy |
Fixed 3.1.39-2ubuntu1.22.04.1
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| smarty4 | 24.04 LTS noble |
Needs evaluation
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
ccdm94
postfixadmin does not contain embedded copies of smarty in trusty and xenial. In bionic, postfixadmin contains an embedded smarty copy at version 3.1.29, while in jammy it contains an embedded copy at version 3.1.33. In lunar and mantic this copy is at version 4.3.0.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6012-1
- Smarty vulnerability
- 13 April 2023
- USN-6550-1
- PostfixAdmin vulnerabilities
- 12 December 2023
Other references
- https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
- https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
- https://github.com/smarty-php/smarty/releases/tag/v3.1.45
- https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
- https://github.com/smarty-php/smarty/releases/tag/v4.1.1
- https://www.cve.org/CVERecord?id=CVE-2022-29221