Sandbox protection could be bypassed through access to an internal Smarty object that should have been blocked. Sites that rely on Smarty Security features should upgrade as soon as possible. Please upgrade to 3.1.39 or higher.
github.com/FriendsOfPHP/security-advisories/blob/master/smarty/smarty/CVE-2021-26119.yaml
github.com/smarty-php/smarty
github.com/smarty-php/smarty/blob/master/CHANGELOG.md
github.com/smarty-php/smarty/security/advisories/GHSA-w5hr-jm4j-9jvq
lists.debian.org/debian-lts-announce/2021/04/msg00004.html
lists.debian.org/debian-lts-announce/2021/04/msg00014.html
nvd.nist.gov/vuln/detail/CVE-2021-26119
security.gentoo.org/glsa/202105-06
srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html
www.debian.org/security/2022/dsa-5151