8 matches found
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
...
SUSE CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
GHSA-462W-V97R-4M45 Jinja2 sandbox escape via string formatting
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. The sandbox is used to restrict what code can be evaluated when rendering untrusted, user-provided templates. Due to the way string formatting works in Python, the str.format_map method could be used to escape the sandbox. This...
PYSEC-2019-217
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
PYSEC-2019-217
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
DEBIAN-CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
UBUNTU-CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
Scientific Linux Security Update : autofs on SL6.x i386/x86_64 (20150722)
It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note:...