Update version of Jinja2 library to fix CVE found in this repository #98

Open
tisnik opened this issue May 9, 2019 · 0 comments
Labels: bug (Something isn't working)

tisnik commented May 9, 2019

Additional information about CVE found:

CVE-2019-10906
high severity
Vulnerable versions: < 2.10.1
Patched version: 2.10.1

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
tisnik added the bug label May 9, 2019
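
An added example, not part of the issue or of the repository's code: a standard-library check that flags Jinja2 entries in a requirements file whose version specifier has no lower bound at or above the patched 2.10.1. The sample requirements text and all function names are constructed for illustration.

```python
import re

PATCHED = (2, 10, 1)  # first fixed release, per the advisory in this issue

# Constructed sample input; not the requirements file of the repository above.
SAMPLE_REQUIREMENTS = """\
# constructed sample
Flask==1.0.2
Jinja2==2.10
jinja2>=2.8,<3.0
Jinja2>=2.10.1
jinja2
MarkupSafe==1.1.1
"""

# A Jinja2 requirement line: name, optional extras, then the specifier up to
# any environment marker (;) or comment (#). "jinja2-time" must not match.
_REQ = re.compile(r"^\s*jinja2(?![\w.-])\s*(?:\[[^\]]*\])?([^;#]*)", re.IGNORECASE)
_CLAUSE = re.compile(r"(==|>=|<=|~=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def _version(text):
    """'2.10' -> (2, 10, 0) so that tuples compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def has_patched_floor(specifier):
    """True if some clause pins or bounds the version at >= PATCHED.

    Conservative: unpinned entries, wildcards and '>2.10' count as no floor.
    """
    return any(
        op in ("==", ">=", "~=", ">") and _version(raw) >= PATCHED
        for op, raw in _CLAUSE.findall(specifier)
    )


def find_unpatched(requirements_text):
    """Return (line number, line) for Jinja2 entries that allow < 2.10.1."""
    findings = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        match = _REQ.match(line)
        if match and not has_patched_floor(match.group(1)):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, line in find_unpatched(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {line} may resolve to Jinja2 < 2.10.1")
```

A flagged line means the specifier does not rule out a vulnerable release; the version actually installed still has to be confirmed in the environment itself.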