Download
| Alert*
oval:org.secpod.oval:def:1601012
In Pallets Jinja, str.format allows a sandbox escape oval:org.secpod.oval:def:205199 The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: Sandbox escape due to information disclosure via str.format For ... oval:org.secpod.oval:def:1901810 Issue related to CVE-2019-10906, str.format vulnerability oval:org.secpod.oval:def:505112 The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: Sandbox escape due to information disclosure via str ... oval:org.secpod.oval:def:502652 The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: Sandbox escape due to information disclosure via str.format For ... oval:org.secpod.oval:def:55525 jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2. oval:org.secpod.oval:def:2104978 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. oval:org.secpod.oval:def:504856 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:2002064 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. oval:org.secpod.oval:def:89050830 This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string . - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format . oval:org.secpod.oval:def:1502499 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:704998 jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2. oval:org.secpod.oval:def:1700187 In Pallets Jinja, str.format allows a sandbox escape |