smarty/smarty is vulnerable to Path Traversal
65
Medium Risk
The built-in stream: template resource in smarty/smarty opens the nested stream wrapper with fopen() without validating it against the configured security policy. Because the stream resource handler is matched before the wrapper allowlist check runs, a template resource such as stream:php://filter/... reaches the underlying php:// wrapper even when Security::$streams restricts or disables stream access. This lets untrusted template input bypass the sandbox and read arbitrary local files. The fix parses the wrapper scheme from the resolved path and validates it with isTrustedStream() before opening the stream.
You are affected if you are using a version that falls within the vulnerable range and your application relies on the Smarty security policy to sandbox untrusted templates.
smarty/smarty is vulnerable to Path Traversal in versions 3.1.11 - 5.8.3.
Upgrade the smarty/smarty library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant