Skip to content

Smarty Does Not Consider Umask Values When Setting Permissions

Moderate severity GitHub Reviewed Published May 2, 2022 to the GitHub Advisory Database • Updated Feb 8, 2024

Package

composer smarty/smarty (Composer)

Affected versions

< 3.0.0-beta4

Patched versions

3.0.0-beta4

Description

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

References

Published by the National Vulnerability Database Feb 3, 2011
Published to the GitHub Advisory Database May 2, 2022
Reviewed Feb 8, 2024
Last updated Feb 8, 2024

Severity

Moderate

EPSS score

0.202%
(59th percentile)

Weaknesses

CVE ID

CVE-2009-5054

GHSA ID

GHSA-6m9f-8vwq-97pm

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.