CVE-2016-10745

Published: 08/04/2019 Updated: 06/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In Pallets Jinja prior to 2.8.1, str.format allows a sandbox escape.

Vulnerable Product

palletsprojects jinja

Vendor Advisories

Debian Bug report logs - #926602 jinja2: CVE-2019-10906. Package: src:jinja2; Maintainer for src:jinja2 is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 7 Apr 2019 17:21:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in versions jinja2/210-1, jin ...
Several security issues were fixed in Jinja2 ...
Synopsis: Important: python-jinja2 security update. Type/Severity: Security Advisory: Important. Topic: An update for python-jinja2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: python-jinja2 security update. Type/Severity: Security Advisory: Important. Topic: An update for python-jinja2 is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: rh-python35-python-jinja2 security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-python35-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: python27-python and python27-python-jinja2 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for python27-python and python27-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a se ...
Synopsis: Important: python-jinja2 security update. Type/Severity: Security Advisory: Important. Topic: An update for python-jinja2 is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Servic ...
In Pallets Jinja, str.format allows a sandbox escape (CVE-2016-10745) ...

Github Repositories

Analysis on vulnerability database osv.dev focused on commit-related data

OSV.dev analysis. Setup. Data: Run make data/swhdb to fetch the data from OSV and add it to the database, creating a csv file at data/osvcsv. graph-tool Shell: The shell is used to colorize graphs using parquet file and is not optimized for large graphs. Requirements: The shell and more specifically utils/pq_graphpy require graph-tool. As this is a package not available through p