CVE-2019-10906

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10906

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10906.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10906

Aliases

Downstream

DEBIAN-CVE-2019-10906

RHSA-2019:1152

RHSA-2019:1237

RHSA-2019:1329

RHSA-2019:3172

SUSE-FU-2022:0444-1

SUSE-FU-2022:0445-1

SUSE-SU-2019:1156-1

SUSE-SU-2019:1554-1

SUSE-SU-2020:3096-1

SUSE-SU-2020:3897-1

UBUNTU-CVE-2019-10906

USN-4011-1

USN-4011-2

openSUSE-SU-2019:1395-1

openSUSE-SU-2024:11208-1

openSUSE-SU-2024:13930-1

Related

Published

2019-04-07T00:29:00.213Z

Modified

2025-11-14T09:03:38.446724Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

References

Affected packages

Git / github.com/pallets/jinja

Affected ranges

Type: GIT
Repo: https://github.com/pallets/jinja
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c4c4088945a2c12535f539be7f5453b9ca94666c

Affected versions

2.*

2.0

2.0rc1

2.1

2.1.1

2.10

2.2

2.2.1

2.3

2.3.1

2.4

2.4.1

2.5

2.5.1

2.5.3

2.5.4

2.5.5

2.6

2.7

2.7.1

2.7.2

2.7.3

2.8

2.8.1

2.9

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10906.json"