CVE-2019-10906 — Improper Neutralization of Special Elements in Jinja

CWE-138 — Improper Neutralization of Special Elements CWE-693 — Protection Mechanism Failure18 documents9 sources

Severity

8.6HIGHNVD

EPSS

3.5%

top 12.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pocoo Jinja2 Palletsprojects Jinja Canonical Ubuntu Linux +3 more

Timeline

PublishedApr 7

Latest updateJun 6

Description

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages6 packages

▶NVDpalletsprojects/jinja< 2.10.1

▶PyPIpocoo/jinja2< 2.10.1

▶Debianpocoo/jinja2< 2.10-2+3

▶Ubuntupocoo/jinja2< 2.8-1ubuntu0.1+1

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Fedora 28, 29, 30, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04

🔴Vulnerability Details

OSV

jinja2 vulnerabilities↗2019-06-06

▶

OSV

jinja2 vulnerabilities↗2019-06-06

▶

OSV

Jinja2 sandbox escape via string formatting↗2019-04-10

▶

GHSA

Jinja2 sandbox escape via string formatting↗2019-04-10

▶

OSV

CVE-2019-10906: In Pallets Jinja before 2↗2019-04-07

▶

📋Vendor Advisories

Ubuntu

Jinja2 vulnerabilities↗2019-06-06

▶

Ubuntu

Jinja2 vulnerabilities↗2019-06-06

▶

Microsoft

In Pallets Jinja before 2.10.1 str.format_map allows a sandbox escape.↗2019-04-09

▶

Red Hat

python-jinja2: str.format_map allows sandbox escape↗2019-04-06

▶

Debian

CVE-2019-10906: jinja2 - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.↗2019

▶

💬Community

Bugzilla

CVE-2019-10906 python3-jinja2: python-jinja2: str.format_map allows sandbox escape [epel-7]↗2019-04-11

▶

Bugzilla

CVE-2019-10906 python-jinja2: str.format_map allows sandbox escape↗2019-04-11

▶

Bugzilla

CVE-2019-10906 python-jinja2: str.format_map allows sandbox escape [openstack-rdo]↗2019-04-11

▶

Bugzilla

CVE-2019-10906 python-jinja2: str.format_map allows sandbox escape [fedora-all]↗2019-04-11

▶

Bugzilla

CVE-2019-10906 python-jinja2-26: python-jinja2: str.format_map allows sandbox escape [epel-6]↗2019-04-11

▶