Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Created php-Smarty tracking bugs for this issue:
Affects: epel-all [bug 1628740]
Affects: fedora-all [bug 1628741]
All dependent bugs have been closed. Can this tracking bug be closed?
In reply to comment #2:
> All dependent bugs have been closed. Can this tracking bug be closed?
Hi! yes, I have closed it. Thanks for checking.