Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Jinja2 due to vulnerability #29

Open
gregelin opened this issue Apr 6, 2020 · 0 comments
Open

Upgrade Jinja2 due to vulnerability #29

gregelin opened this issue Apr 6, 2020 · 0 comments
Assignees
@gregelin
Labels
bug

Comments

@gregelin
Copy link
Contributor

gregelin commented Apr 6, 2020

Jinja2>=2.10.1
Always verify the validity and compatibility of suggestions with your codebase.

Details

CVE-2019-10906

high severity
Vulnerable versions: < 2.10.1
Patched version: 2.10.1
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2016-10745

high severity
Vulnerable versions: < 2.8.1
Patched version: 2.8.1
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
@gregelin gregelin added the bug label Apr 6, 2020
@gregelin gregelin self-assigned this Apr 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gregelin gregelin

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gregelin