EPSS
Percentile
10.1%
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
bccache.FileSystemBytecodeCache
.cache
__jinja2_
/tmp
bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
bugzilla.redhat.com/CVE-2014-1402
github.com/mitsuhiko/jinja2/commit/acb672b6