CVE-2016-10745: Jinja2 sandbox escape vulnerability
(updated )
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
References
- access.redhat.com/errata/RHSA-2019:1022
- access.redhat.com/errata/RHSA-2019:1237
- access.redhat.com/errata/RHSA-2019:1260
- access.redhat.com/errata/RHSA-2019:3964
- access.redhat.com/errata/RHSA-2019:4062
- github.com/advisories/GHSA-hj2j-77xm-mc5v
- github.com/pallets/jinja
- github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
- github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
- nvd.nist.gov/vuln/detail/CVE-2016-10745
- palletsprojects.com/blog/jinja-281-released
- usn.ubuntu.com/4011-1
- usn.ubuntu.com/4011-2
Code Behaviors & Features
Detect and mitigate CVE-2016-10745 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →