3 matches found
Security update for python-dynaconf (important)
openSUSE security update: security update for python-dynaconf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20429-1 Rating: important References: bsc1260063 Cross-References: CVE-2026-33154 Affected Products: openSUSE Leap 16.0...
python311-dynaconf-3.2.13-1.1 on GA media (moderate)
python311-dynaconf-3.2.13-1.1 on GA media Announcement ID: openSUSE-SU-2026:10411-1 Rating: moderate Cross-References: CVE-2026-33154 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...