Vulnerabilities for 'Jinja'

2021-02-01
 
CVE-2020-28493

NVD-CWE-noinfo
 

 
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS (regular expression denial of service) in the urlize filter is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ in the filter's email check: both character classes accept '.', so a long run of dots that ultimately fails to match is retried across every possible split of the run, and matching time grows quadratically with input length. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
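The backtracking shape the advisory describes, as an added example that is not code from cxsecurity.com or from the Jinja project. The full pre-2.11.3 email pattern is reconstructed around the quoted sub-pattern and is an assumption, as are the hardened pattern, the MAX_WORD_LEN cap and the helper names (attack_word, time_match, looks_like_email_safe, growth_factor); the hardened pattern is a linear-time alternative, not a copy of the upstream 2.11.3 patch. The constructed input is a run of dots after '@' ending in a character outside both classes, so the '$' anchor fails and every split of the run is retried.

```python
"""Added example (not code from cxsecurity.com or the Jinja project): the
backtracking shape behind CVE-2020-28493 and the two mitigations the advisory
names, a pattern that fails in linear time and a cap on what reaches the regex."""
import re
import time

# ASSUMED pre-2.11.3 shape of the urlize email check; the advisory quotes only
# the "[a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+" part (the '.' between the classes is a
# literal dot). Both classes accept '.', so a run of dots can be split between
# them in O(n) ways, and each split is retried when '$' fails: quadratic work.
VULNERABLE_EMAIL_RE = re.compile(r"^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$")

# Hardened replacement (an assumption, not the upstream patch): the domain must
# start with a word character and the last label is \w+, so a run of dots has
# at most one way to match and a failing input is rejected in linear time.
SAFE_EMAIL_RE = re.compile(r"^\S+@\w[\w.-]*\.\w+$")

# Second mitigation: never hand unbounded user text to a backtracking regex.
MAX_WORD_LEN = 254  # RFC 5321 mailbox length bound; anything longer is not an email


def attack_word(n):
    """Constructed ReDoS input: '!' is outside both classes, so '$' never
    matches and every split of the dot run between the two '+' is tried."""
    return "a@" + "." * n + "!"


def time_match(pattern, word):
    """Return (matched, seconds) for one anchored match attempt."""
    t0 = time.perf_counter()
    matched = pattern.match(word) is not None
    return matched, time.perf_counter() - t0


def looks_like_email_safe(word):
    """Length cap first, then the linear-time pattern."""
    if len(word) > MAX_WORD_LEN:
        return False
    return SAFE_EMAIL_RE.match(word) is not None


def growth_factor(pattern, n):
    """Ratio of match time for 2n dots over n dots; about 4 means quadratic,
    about 2 means linear."""
    _, t1 = time_match(pattern, attack_word(n))
    _, t2 = time_match(pattern, attack_word(2 * n))
    return t2 / t1 if t1 else float("inf")


if __name__ == "__main__":
    for n in (2000, 4000, 8000):
        _, slow = time_match(VULNERABLE_EMAIL_RE, attack_word(n))
        _, fast = time_match(SAFE_EMAIL_RE, attack_word(n))
        print("n=%d  vulnerable %.3fs  hardened %.6fs" % (n, slow, fast))
    print("growth factor, vulnerable:", round(growth_factor(VULNERABLE_EMAIL_RE, 2000), 1))
    print("user@example.com ->", looks_like_email_safe("user@example.com"))
    print("attack word      ->", looks_like_email_safe(attack_word(8000)))
```

The length cap is the cheap half of the fix and is what request timeouts and memory limits approximate from the outside: the hardened pattern still backtracks, but only along one path, so the cap bounds the cost rather than hiding a quadratic one.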

 
2019-04-06
 
CVE-2019-10906

 

 
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
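What the one-line description means in practice, as an added example that is not code from cxsecurity.com or the Jinja project: str.format_map resolves obj.attr[key] chains written inside the format string with raw getattr and getitem, so a sandbox that only polices attribute access in template expressions never sees those steps. The gate below follows the same idea as the upstream fix (a string.Formatter subclass whose get_field applies the sandbox's attribute policy at each step); the names User, SandboxError, is_safe_attr, GatedFormatter, split_field_name, render_unsafe and render_gated, and the underscore-prefix rule, are assumptions made for this example.

```python
"""Added example (not code from cxsecurity.com or the Jinja project): why
str.format_map is a sandbox hole, and a Formatter-based gate that closes it."""
import re
import string


class SandboxError(Exception):
    """Raised when a replacement field tries to reach a denied attribute."""


class User:
    """Constructed sample object a template is allowed to see."""
    def __init__(self, name):
        self.name = name


def is_safe_attr(name):
    # Assumed sandbox policy: underscore-prefixed names are private.
    return not name.startswith("_")


def render_unsafe(fmt, context):
    """str.format_map walks 'a.b[c]' chains with raw getattr/getitem, so any
    attribute policy applied only to template expressions is bypassed. This is
    the path a sandboxed Jinja before 2.10.1 left open."""
    return fmt.format_map(context)


_STEP_RE = re.compile(r"\.([^.\[]+)|\[([^\]]*)\]")


def split_field_name(field_name):
    """'u.name[0]' -> ('u', [(True, 'name'), (False, 0)]); True marks a getattr
    step, False a getitem step (digit-only keys become ints, as str.format does)."""
    m = re.match(r"([^.\[]*)(.*)", field_name)
    head, rest = m.group(1), m.group(2)
    steps = []
    for attr, key in _STEP_RE.findall(rest):
        if attr:
            steps.append((True, attr))
        else:
            steps.append((False, int(key) if key.isdigit() else key))
    return (int(head) if head.isdigit() else head), steps


class GatedFormatter(string.Formatter):
    """Walk each field's attribute/index chain ourselves instead of letting the
    base class do it, and apply the sandbox policy at every getattr step."""
    def get_field(self, field_name, args, kwargs):
        head, steps = split_field_name(field_name)
        obj = self.get_value(head, args, kwargs)
        for is_attr, key in steps:
            if is_attr:
                if not is_safe_attr(key):
                    raise SandboxError("access to attribute %r is denied" % key)
                obj = getattr(obj, key)
            else:
                obj = obj[key]
        return obj, head


def render_gated(fmt, context):
    """Drop-in for fmt.format_map(context) that enforces the attribute policy."""
    return GatedFormatter().vformat(fmt, (), context)


if __name__ == "__main__":
    ctx = {"u": User("ann")}
    # Plain format_map happily reaches object internals through the format string.
    print(render_unsafe("{u.name}: {u.__class__.__mro__}", ctx))
    print(render_gated("{u.name}", ctx))
    try:
        render_gated("{u.__class__.__mro__}", ctx)
    except SandboxError as exc:
        print("blocked:", exc)
```

A sandbox that wraps str.format but not str.format_map, which is what the fixed version corrected, leaves the second entry point with the behaviour of render_unsafe; both need to be routed through the gated formatter.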

 

Vendor: Palletsprojects (3 products): Werkzeug, Jinja, Flask


Copyright 2022, cxsecurity.com

 
