Vulnerability Database
Blog
FAQ
Docs
PYSEC-2019-220
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2019-220.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-220
Aliases
CVE-2016-10745
GHSA-hj2j-77xm-mc5v
Published
2019-04-08T13:29:00Z
Modified
2023-11-01T04:46:45.249501Z
Summary
[none]
Details
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
References
https://palletsprojects.com/blog/jinja-281-released/
https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
https://access.redhat.com/errata/RHSA-2019:1022
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
https://access.redhat.com/errata/RHSA-2019:1237
https://access.redhat.com/errata/RHSA-2019:1260
https://usn.ubuntu.com/4011-1/
https://usn.ubuntu.com/4011-2/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
https://access.redhat.com/errata/RHSA-2019:3964
https://access.redhat.com/errata/RHSA-2019:4062
https://github.com/advisories/GHSA-hj2j-77xm-mc5v
Affected packages
PyPI
/
jinja2
Package
Name
jinja2
View open source insights on deps.dev
Purl
pkg:pypi/jinja2
Affected ranges
Type
GIT
Repo
https://github.com/pallets/jinja
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
9b53045c34e61013dc8f09b7e52a555fa16bed16
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2.8.1
Affected versions
2.*
2.0rc1
2.0
2.1
2.1.1
2.2
2.2.1
2.3
2.3.1
2.4
2.4.1
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6
2.7
2.7.1
2.7.2
2.7.3
2.8
PYSEC-2019-220 - OSV