what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2019-10906

Status Candidate

Overview

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Related Files

Ubuntu Security Notice USN-4011-2
Posted Jun 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4011-2 - USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10745, CVE-2019-10906
MD5 | 334f54291ccbae418a095a0d4322c3fc
Ubuntu Security Notice USN-4011-1
Posted Jun 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4011-1 - Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-10745, CVE-2019-10906
MD5 | 35714135c42e4cbc629e4cd3cd3d4236
Red Hat Security Advisory 2019-1329-01
Posted Jun 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1329-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-10906
MD5 | 6be976ba0c2b874c7d96f99a9e1e58ec
Red Hat Security Advisory 2019-1237-01
Posted May 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-10745, CVE-2019-10906
MD5 | 200036d5353c15a66c1345c138b8040b
Red Hat Security Advisory 2019-1152-01
Posted May 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1152-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-10906
MD5 | c5246f341ceb4d9acdfb7fe07e1889e3
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close