Candidate: CVE-2017-1000480
PublicDate: 2018-01-03 18:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000480
 https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
Description:
 Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling
 fetch() or display() functions on custom resources that do not sanitize
 the template name.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_smarty3:
upstream_smarty3: needs-triage
precise/esm_smarty3: DNE
trusty_smarty3: ignored (out of standard support)
trusty/esm_smarty3: DNE
xenial_smarty3: ignored (end of standard support, was needed)
bionic_smarty3: released (3.1.31+20161214.1.c7d42e4+selfpack1-3)
disco_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
eoan_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
focal_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
groovy_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
hirsute_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
impish_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
jammy_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
devel_smarty3: not-affected (3.1.31+20161214.1.c7d42e4+selfpack1-3)
