Filtered by vendor Pocoo
Subscriptions
Filtered by product Jinja2
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8341 | 2 Opensuse, Pocoo | 2 Leap, Jinja2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing | ||||
| CVE-2014-1402 | 2 Pocoo, Redhat | 3 Jinja2, Enterprise Linux, Rhel Software Collections | 2024-11-21 | N/A |
| The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. | ||||
| CVE-2014-0012 | 1 Pocoo | 1 Jinja2 | 2024-11-21 | N/A |
| FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. | ||||
Page 1 of 1.