| OVAL definition | Summary |
| --- | --- |
| oval:org.secpod.oval:def:601735 | python-jinja2 is installed |
| oval:org.secpod.oval:def:702140 | jinja2: small but fast and easy to use stand-alone template engine. A security issue was fixed in Jinja2. |
| oval:org.secpod.oval:def:708722 | jinja2: documentation for the Jinja2 Python library. Several security issues were fixed in jinja2. |
| oval:org.secpod.oval:def:98219 | jinja2: documentation for the Jinja2 Python library. Several security issues were fixed in jinja2. |
| oval:org.secpod.oval:def:98678 | jinja2: documentation for the Jinja2 Python library. Several security issues were fixed in jinja2. |
| oval:org.secpod.oval:def:98765 | jinja2: documentation for the Jinja2 Python library. Several security issues were fixed in jinja2. |
| oval:org.secpod.oval:def:2000395 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. |
| oval:org.secpod.oval:def:1901285 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. |
| oval:org.secpod.oval:def:1901824 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. |
| oval:org.secpod.oval:def:1901810 | Issue related to CVE-2019-10906, str.format vulnerability |
| oval:org.secpod.oval:def:55525 | jinja2: small but fast and easy to use stand-alone template engine. Several security issues were fixed in Jinja2. |
| oval:org.secpod.oval:def:2002064 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. |
| oval:org.secpod.oval:def:704998 | jinja2: small but fast and easy to use stand-alone template engine. Several security issues were fixed in Jinja2. |