CVE-2020-28493

Published: 01/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

This affects all versions of the jinja2 package prior to 2.11.3. The ReDoS is in the urlize filter's `_punctuation_re` regex, which chains several wildcard quantifiers; the last one, which matches trailing punctuation, is the most exploitable, because on a crafted word the engine retries every possible split between the middle of the word and its trailing punctuation before the match fails. Short of upgrading, the issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by enforcing request timeouts and limiting process memory.
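The backtracking described above, as an added worked example (written for this page; it is not Jinja2's own code). It builds two regexes of the shapes the advisories describe, a lead/middle/trail splitter in the `_punctuation_re` style and the email sub-pattern quoted in the Red Hat advisory below, times them on constructed worst-case inputs, and pairs each with a replacement that does the same job in linear time: a token-peeling splitter for the punctuation case and, for the email case, a rewrite in the spirit of the 2.11.3 changelog (domain must start with a word character, TLD is word characters only). The exact patterns, the token lists and the names `split_linear` and `SAFE_EMAIL_RE` are assumptions of this example, not quotations from upstream.

```python
"""Added worked example for CVE-2020-28493 (illustrative code written for
this page, not Jinja2's source). Shows why the urlize helper regexes
backtrack quadratically and what a linear replacement looks like."""
import re
import time

# `_punctuation_re`-shaped splitter: greedy lead tokens, an anchored lazy
# wildcard for the middle, then a greedy repeat of trail tokens that must
# run to `$`. Modelled on the advisory's description, not quoted from
# upstream. urlize applies it per whitespace-separated word, so the newline
# trail token is left out here.
LEAD = ("(", "<", "&lt;")
TRAIL = (".", ",", ")", ">", "&gt;")
PUNCT_RE = re.compile(
    "^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$"
    % ("|".join(map(re.escape, LEAD)), "|".join(map(re.escape, TRAIL)))
)

# Email sub-pattern cited in the Red Hat advisory: the two character classes
# around the literal dot both contain ".", so every split point is retried.
VULN_EMAIL_RE = re.compile(r"^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$")
# Hardened rewrite in the spirit of the 2.11.3 changelog (domain starts with
# a word character, TLD is word characters only); assumed, not upstream text.
SAFE_EMAIL_RE = re.compile(r"^\S+@\w[\w.-]*\.\w+$")


def split_regex(word: str):
    """Regex split into (lead, middle, trail). Quadratic on a word made of
    trail punctuation with one other character at the end: for each middle
    length the trail repeat is matched and then backtracked in full."""
    m = PUNCT_RE.match(word)
    return m.group("lead"), m.group("middle"), m.group("trail")


def split_linear(word: str):
    """Same result without backtracking: peel lead tokens off the front and
    trail tokens off the back, longest token first. Greedy peeling is exact
    here: no token is a prefix of another, and the one multi-character
    trail token "&gt;" can only come off whole (peeling just its ">" would
    strand "&gt", which no token sequence can cover)."""
    lead_end = 0
    while True:
        tok = next((t for t in sorted(LEAD, key=len, reverse=True)
                    if word.startswith(t, lead_end)), None)
        if tok is None:
            break
        lead_end += len(tok)
    trail_start = len(word)
    while trail_start > lead_end:
        tok = next((t for t in sorted(TRAIL, key=len, reverse=True)
                    if word.endswith(t, lead_end, trail_start)), None)
        if tok is None:
            break
        trail_start -= len(tok)
    return word[:lead_end], word[lead_end:trail_start], word[trail_start:]


def timed(fn, *args) -> float:
    """Seconds spent in one call of fn(*args)."""
    t0 = time.perf_counter()
    fn(*args)
    return time.perf_counter() - t0


def demo(n: int = 2000) -> dict:
    """Constructed worst-case inputs: a word that is all trail punctuation
    except its last character, and an address whose domain is only dots."""
    return {
        "punct_n": timed(PUNCT_RE.match, "." * n + "x"),
        "punct_2n": timed(PUNCT_RE.match, "." * (2 * n) + "x"),
        "vuln_mail_n": timed(VULN_EMAIL_RE.match, "a@" + "." * n + "!"),
        "vuln_mail_2n": timed(VULN_EMAIL_RE.match, "a@" + "." * (2 * n) + "!"),
        "safe_mail_2n": timed(SAFE_EMAIL_RE.match, "a@a" + "." * (2 * n) + "!"),
        "linear_split_2n": timed(split_linear, "." * (2 * n) + "x"),
    }


if __name__ == "__main__":
    for name, secs in demo().items():
        print(f"{name:>16}: {secs * 1000:8.2f} ms")
    word = "(http://example.com)."
    print(split_regex(word), split_linear(word))
```

Doubling the input makes the two vulnerable patterns take roughly four times as long (quadratic backtracking), while the hardened email regex and `split_linear` stay flat. The equivalence check on benign words is the important part of any such rewrite: the linear splitter must return exactly what the regex returned, or the fix silently changes urlize's output.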

Vulnerable Products

palletsprojects jinja

fedoraproject fedora 33

Vendor Advisories

Debian Bug report logs - #982736 jinja2: CVE-2020-28493 Package: src:jinja2; Maintainer for src:jinja2 is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 13 Feb 2021 18:30:02 UTC Severity: important Tags: security, upstream Found in versions jinja2/2.11.2-1, jinj ...
Synopsis Important: OpenShift Container Platform 4.11.0 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis Moderate: OpenShift Container Platform 4.11.0 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
A security issue was found in python-jinja before version 2.11.3. The regular expression denial of service vulnerability is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory ...

Github Repositories

Poetry plugin for checking vulnerabilities in dependencies 🚀

Poetry Audit Plugin: Poetry plugin for checking security vulnerabilities in dependencies, based on safety.

$ poetry audit
Scanning 19 packages
• ansible-runner installed 112 affected <131 CVE PVE-2021-36995
• ansible-tower-cli installed 318 affected <320 CVE CVE-2020-1733
• jinja2 installed 20 affected &am