Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. References: https://github.com/smarty-php/smarty/issues/486
Created php-Smarty tracking bugs for this issue: Affects: epel-all [bug 1628740] Affects: fedora-all [bug 1628741]
All dependent bugs have been closed. Can this tracking bug be closed?
In reply to comment #2: > All dependent bugs have been closed. Can this tracking bug be closed? Hi! yes, I have closed it. Thanks for checking.