Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-48160832A6391916DF7EA751415AB2A0HistoryFeb 15, 2019 - 12:00 a.m.
Code Injection
2019-02-1500:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
9
EPSS
0.035
Percentile
91.6%
The from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.
Related
exploitdb
exploitdb
Jinja2 2.10 - 'from_string' Server Side Template Injection
2019-02-15 00:00:00
zdt
zdt
Jinja2 2.10 - (from_string) Server Side Template Injection Exploit
2019-02-17 00:00:00
packetstorm
packetstorm
Jinja2 2.10 Command Injection
2019-02-16 00:00:00
exploitpack
exploitpack
Jinja2 2.10 - from_string Server Side Template Injection
2019-02-15 00:00:00
cve
cve
CVE-2019-8341
2019-02-15 07:29:00
cvelist
cvelist
CVE-2019-8341
2019-02-15 07:00:00
ubuntucve
ubuntucve
CVE-2019-8341
2019-02-15 00:00:00
prion
prion
Sql injection
2019-02-15 07:29:00
redhatcve
redhatcve
CVE-2019-8341
2019-02-15 14:19:34
debiancve
debiancve
CVE-2019-8341
2019-02-15 07:29:00
nvd
nvd
CVE-2019-8341
2019-02-15 07:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3096-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1156-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1395-1)
2019-05-14 00:00:00
suse
suse
Security update for python-Jinja2 (important)
2019-06-24 00:00:00
Security update for python-Jinja2 (important)
2019-05-13 00:00:00
nessus
nessus
openSUSE Security Update : python-Jinja2 (openSUSE-2019-1395)
2019-05-14 00:00:00
openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)
2019-06-25 00:00:00