Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. References: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
Created php-Smarty tracking bugs for this issue: Affects: epel-all [bug 1631098] Affects: fedora-all [bug 1631096] Created php-Smarty2 tracking bugs for this issue: Affects: fedora-all [bug 1631097]
All dependent bugs have been closed. Can this tracking bug be closed?
Yes, it definitely can.