Lucene search
MitreCVELIST:CVE-2019-8341HistoryFeb 15, 2019 - 7:00 a.m.
CVE-2019-8341
2019-02-1507:00:00
mitre
www.cve.org
8
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the “source” parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn’t valid because users shouldn’t use untrusted templates without sandboxing
References
Related
exploitdb
exploitdb
Jinja2 2.10 - 'from_string' Server Side Template Injection
2019-02-15 00:00:00
zdt
zdt
Jinja2 2.10 - (from_string) Server Side Template Injection Exploit
2019-02-17 00:00:00
packetstorm
packetstorm
Jinja2 2.10 Command Injection
2019-02-16 00:00:00
exploitpack
exploitpack
Jinja2 2.10 - from_string Server Side Template Injection
2019-02-15 00:00:00
cve
cve
CVE-2019-8341
2019-02-15 07:29:00
ubuntucve
ubuntucve
CVE-2019-8341
2019-02-15 00:00:00
gitlab
gitlab
Code Injection
2019-02-15 00:00:00
redhatcve
redhatcve
CVE-2019-8341
2019-02-15 14:19:34
prion
prion
Sql injection
2019-02-15 07:29:00
nvd
nvd
CVE-2019-8341
2019-02-15 07:29:00
debiancve
debiancve
CVE-2019-8341
2019-02-15 07:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3096-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1156-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1395-1)
2019-05-14 00:00:00
suse
suse
Security update for python-Jinja2 (important)
2019-06-24 00:00:00
Security update for python-Jinja2 (important)
2019-05-13 00:00:00
nessus
nessus
openSUSE Security Update : python-Jinja2 (openSUSE-2019-1395)
2019-05-14 00:00:00
openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)
2019-06-25 00:00:00