CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

Date published : 2021-02-21

https://security.gentoo.org/glsa/202105-06

https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md