Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4723 to the following vulnerability:

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4723
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Relevant Smarty Changelog entry:

04/11/2010
- bugfix do not allow access of dynamic and private object members of assigned objects when security is enabled.

and the particular SVN log record for it:

r3719 | uwe.tews | 2010-11-04 16:53:28 +0100 (Thu, 04 Nov 2010) | 2 lines
- bugfix do not allow access of dynamic and private object members of assigned objects when security is enabled.
Created attachment 530056: Smarty r3719 SVN repository upstream patch
This issue did NOT affect the versions of the php-Smarty package as shipped with Fedora releases 14 and 15 (the relevant code in question does NOT exist in those versions yet).

--

This issue did NOT affect the versions of the php-Smarty package as shipped with the Fedora EPEL 5 and Fedora EPEL 6 repositories (the relevant code in question does NOT exist in those versions yet).