FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pocoo | jinja2 | 2.7.2 |
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pocoo | jinja2 | 2.5.4 |
| pocoo | jinja2 | 2.7 |
| pocoo | jinja2 | 2.1.1 |
| pocoo | jinja2 | 2.5.2 |
| pocoo | jinja2 | 2.5.3 |
| pocoo | jinja2 | 2.5.1 |
| pocoo | jinja2 | 2.4.1 |
| pocoo | jinja2 | 2.4 |
| pocoo | jinja2 | 2.2 |
| pocoo | jinja2 | 2.3.1 |
| pocoo | jinja2 | 2.0 |
| pocoo | jinja2 | * |
| pocoo | jinja2 | 2.1 |
| pocoo | jinja2 | 2.5.5 |
| pocoo | jinja2 | 2.3 |
| pocoo | jinja2 | 2.2.1 |
| pocoo | jinja2 | 2.6 |
| pocoo | jinja2 | 2.5 |
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.0 |
| opensuse | leap | 42.3 |
| pocoo | jinja2 | 2.10 |
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pocoo | babel | * |
| debian | debian_linux | 10.0 |