CVE-2014-0012

Published: 19/05/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.

Vulnerable Product

pocoo jinja2 2.7.2

Vendor Advisories

A security issue was fixed in Jinja2 ...
Debian Bug report logs - #734956 jinja2: CVE-2014-0012: unsafe temporary files creation. Package: jinja2; Maintainer for jinja2 is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 11 Jan 2014 07:24:02 UTC; Severity: important; Tags: security, upstream; Found in versio ...
Debian Bug report logs - #734747 jinja2: CVE-2014-1402: jinja2.bccache.FileSystemBytecodeCache: insecure default directory. Package: python-jinja2; Maintainer for python-jinja2 is Piotr Ożarowski <piotr@debian.org>; Source for python-jinja2 is src:jinja2; Reported by: Jakub Wilk <jwilk@debian.org> ...
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402 ...

Github Repositories

Analysis on vulnerability database osv.dev focused on commit-related data

OSVdev analysis. Setup. Data: Run make data/swhdb to fetch the data from OSV and add it to the database, creating a csv file at data/osvcsv. graph-tool Shell: The shell is used to colorize graphs using parquet file and is not optimized for large graphs. Requirements: The shell and more specifically utils/pq_graphpy require graph-tool. As this is a package not available through p