smarty/smarty is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of file path that allows the external files to be references through trusted_dir
, causing a directory traversal attack. This issue is also referenced in CVE-2018-13982.