Showing 1 - 5 of 5

CVE-2019-10906

Status Candidate

Overview

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Ubuntu Security Notice USN-4011-2: Posted Jun 6, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4011-2 - USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. Various other issues were also addressed.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2016-10745, CVE-2019-10906; SHA-256 | 16cfaa3e64480ac0a258651131028577af813ae90b7648d6be5ddd582e0f8829; Download | Favorite | View

Ubuntu Security Notice USN-4011-1: Posted Jun 6, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4011-1 - Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2016-10745, CVE-2019-10906; SHA-256 | c913444dd32ed30587f5aab7e3218a0c7705b9d44a792724c1fde4c345788ea3; Download | Favorite | View

Red Hat Security Advisory 2019-1329-01: Posted Jun 4, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1329-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2019-10906; SHA-256 | 5a9f47866c29752e20594731fc1b6a6836ba2607b27e0026288f18f7e9efa8dc; Download | Favorite | View

Red Hat Security Advisory 2019-1237-01: Posted May 16, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2016-10745, CVE-2019-10906; SHA-256 | a7524274e041f70601d5a5607cdf562d36f391be932c212a56d22b3047e12dbf; Download | Favorite | View

Red Hat Security Advisory 2019-1152-01: Posted May 13, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1152-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2019-10906; SHA-256 | 0f160ca57978bc7fbb6f3879736341402943bf5feb6ef1b51ef77e2be99fc5ee; Download | Favorite | View

Page 1 of 1 Back 1 Next