smarty-php / smarty

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

Is CVE-2014-8350 fixed in 2.6.x? #387

Closed ktomk closed 7 years ago

ktomk commented 7 years ago

I was stumbling over CVE-2014-8350, and all the information I could find is that it is fixed in 3.x.

Can anyone say if this is fixed in 2.6.30?

hija commented 7 years ago

The vulnerable versions of smarty can be found here:

https://www.cvedetails.com/cve/CVE-2014-8350/

Thus, the current smarty versions (2.6.30 and 3.1.30) should not be vulnerable to CVE-2014-8350.

ktomk commented 7 years ago

The data-source used by that website says about its own that it is only informative and must not be complete. Better would be to know from the source (this project here) and not from some other website.

uwetews commented 7 years ago

I checked back until versions 2.6.24 and 3.1.21. Whenever this problem may have existed, it was fixed many years ago.