Gentoo Foundation GLSA-201408-13
Aug 29, 2014 - 12:00 a.m.

Jinja2: Multiple vulnerabilities

security.gentoo.org

CVSS2: 4.4
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0
Percentile: 10.1%

Background

Jinja2 is a template engine written in pure Python.

Description

Multiple vulnerabilities have been discovered in Jinja2. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could gain escalated privileges via a specially crafted cache file or pre-created temporary directory.

Workaround

There is no known workaround at this time.

Resolution

All Jinja2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-python/jinja-2.7.3"

OS      Version  Architecture  Package           Version  Filename
Gentoo  any      all           dev-python/jinja  < 2.7.3  UNKNOWN
