OESA-2021-1190

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1190
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1190.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1190
Upstream
Published
2021-05-15T11:02:54Z
Modified
2025-08-12T05:06:19.088128Z
Summary
python-jinja2 security update
Details

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications where security is important.

Security Fix(es):

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex and its use of multiple wildcards. The last wildcard is the most exploitable, as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. (CVE-2020-28493)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / python-jinja2

Package

Name
python-jinja2
Purl
pkg:rpm/openEuler/python-jinja2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2.11.2-2.oe1

Ecosystem specific

{
    "src": [
        "python-jinja2-2.11.2-2.oe1.src.rpm"
    ],
    "noarch": [
        "python3-jinja2-2.11.2-2.oe1.noarch.rpm",
        "python-jinja2-help-2.11.2-2.oe1.noarch.rpm",
        "python2-jinja2-2.11.2-2.oe1.noarch.rpm"
    ]
}