23170 matches found
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Google Golang 安全漏洞
Google Golang is a static strongly typed, compiled language from Google.Go's syntax is close to that of C, but differs with respect to variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages that...
PT-2025-5648 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: PIMCORE affected versions not specified Description: A Stored Cross-Site Scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious script...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape
Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape
Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...
CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape
ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...
CVE-2025-24359
CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...
Important: python-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
The vulnerability of the libspeech service in the Mercedes-Benz User Experience (MBUX) system allows a intruder to trigger a service failure.
The vulnerability of the libspeech service in the Mercedes-Benz User Experience MBUX multimedia system is related to the buffer overflow in dynamic memory during the processing of UD2 format files. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() in the UserData service of the Mercedes-Benz Multimedia User Experience (MBUX) system allow a hacker to trigger a service failure.
The vulnerabilities of the functions CHBString::constiterator::incrementSteps and CHBString::remove of the UserData service in the Mercedes-Benz Multimedia User Experience MBUX system are related to buffer overflows in dynamic memory during the decoding of UD2 format files. Exploiting these...
CISA: Microsoft Expanded Cloud Logs Implementation Playbook
This playbook provides a detailed overview of the newly introduced logging capabilities in Microsoft Purview Audit Standard. These capabilities enable organizations to conduct forensic and compliance investigations by accessing critical events...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Jinja has a sandbox breakout through indirect reference to format method
...