CVE-2016-10745
Summary
| CVE | CVE-2016-10745 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2019-04-08 13:29:00 UTC |
|---|
| Updated | 2019-06-06 16:29:00 UTC |
|---|
| Description | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| SECURITY: support sandboxing in format expressions · pallets/jinja@9b53045 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| USN-4011-1: Jinja2 vulnerabilities | Ubuntu security notices | Ubuntu |
UBUNTU |
usn.ubuntu.com |
|
| [security-announce] openSUSE-SU-2019:1395-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| Jinja 2.8.1 Security Release | The Pallets Projects |
MISC |
palletsprojects.com |
Vendor Advisory |
| USN-4011-2: Jinja2 vulnerabilities | Ubuntu security notices |
UBUNTU |
usn.ubuntu.com |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| [security-announce] openSUSE-SU-2019:1614-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
REDHAT |
access.redhat.com |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
REDHAT |
access.redhat.com |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 377219 Alibaba Cloud Linux Security Update for python-jinja2 (ALINUX2-SA-2019:0028)
- 981042 Python (pip) Security Update for Jinja2 (GHSA-hj2j-77xm-mc5v)
