Lucene search
Veracode Vulnerability DatabaseVERACODE:29200HistoryFeb 02, 2021 - 1:28 a.m.
Regular Expression Denial Of Service (ReDoS)
2021-02-0201:28:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
jinja2
redos
regular expression denial of service
urlize filter
high process memory
application crash
software
EPSS
0.002
Percentile
57.3%
jinja2 is vulnerable to regular expression denial of service. The regex sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ used to format user content in the urlize filter consumes high process memory and can lead to an application crash.
References
github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
github.com/pallets/jinja/pull/1343
lists.fedoraproject.org/archives/list/[email protected]/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
security.gentoo.org/glsa/202107-19
Related
nessus
nessus
CentOS 8 : python-jinja2 (CESA-2021:4161)
2021-11-11 00:00:00
Rocky Linux 8 : python-jinja2 (RLSA-2021:4161)
2023-11-07 00:00:00
EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2021-2538)
2021-09-27 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: mingw-python-jinja2-2.11.3-1.fc33
2021-03-15 01:19:56
ubuntucve
ubuntucve
CVE-2020-28493
2021-02-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:14644-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2609)
2021-10-26 00:00:00
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2482)
2021-09-24 00:00:00
redhatcve
redhatcve
CVE-2020-28493
2021-02-15 12:33:42
alpinelinux
alpinelinux
CVE-2020-28493
2021-02-01 20:15:12
ibm
ibm
Security Bulletin: IBM Security QRadar Network Threat Analytics uses component jinja2 with a denial of service vulnerability (CVE-2020-28493)
2022-09-16 15:41:17
cve
cve
CVE-2020-28493
2021-02-01 20:15:12
nvd
nvd
CVE-2020-28493
2021-02-01 20:15:12
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
osv
osv
CVE-2020-28493
2021-02-01 20:15:12
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
Moderate: python-jinja2 security update
2021-11-09 08:26:43
rocky
rocky
python-jinja2 security update
2021-11-09 08:26:43
python27:2.7 security update
2021-11-09 08:24:39
python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
redhat
redhat
(RHSA-2021:4161) Moderate: python-jinja2 security update
2021-11-09 08:26:43
(RHSA-2021:3252) Moderate: python27 security update
2021-08-24 07:29:51
(RHSA-2021:4151) Moderate: python27:2.7 security update
2021-11-09 08:24:39
ubuntu
ubuntu
Jinja2 vulnerability
2022-10-26 00:00:00
Jinja2 vulnerabilities
2024-01-25 00:00:00
gentoo
gentoo
Jinja: Denial of service
2021-07-08 00:00:00
archlinux
archlinux
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00
[ASA-202102-20] python2-jinja: denial of service
2021-02-07 00:00:00
prion
prion
Design/Logic Flaw
2021-02-01 20:15:00
debiancve
debiancve
CVE-2020-28493
2021-02-01 20:15:12
github
github
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
mageia
mageia
Updated python-jinja2 packages fix a security vulnerability
2021-04-12 22:59:59
cvelist
cvelist
CVE-2020-28493 Regular Expression Denial of Service (ReDoS)
2021-02-01 19:30:16
cbl_mariner
cbl_mariner
CVE-2020-28493 affecting package python-jinja2 2.10.1-1
2022-08-12 16:45:07
almalinux
almalinux
Moderate: python-jinja2 security update
2021-11-09 08:26:43
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
python38:3.8 and python38-devel:3.8 security update
2021-11-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00