30 matches found
SUSE SLES15 Security Update : python-Mako (SUSE-SU-2026:1820-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1820-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path...
SUSE SLED15 / SLES15 Security Update : python-Mako (SUSE-SU-2026:1819-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1819-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is...
CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...
CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...
SUSE-SU-2026:1820-1 Security update for python-Mako
This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal bsc1262716...
Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mako vulnerability (USN-8234-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8234-1 advisory. It was discovered that Mako incorrectly handled URIs with double-slash prefixes in...
USN-8234-1 python-mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...
SUSE SLES16 Security Update : python-Mako (SUSE-SU-2026:21426-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21426-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path...
OPENSUSE-SU-2026:20645-1 Security update for python-Mako
This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal bsc1262716...
SUSE-SU-2026:21426-1 Security update for python-Mako
This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal bsc1262716...
CVE-2026-41205
A flaw was found in Mako, a Python template library. This vulnerability, known as path traversal, allows an attacker to access files outside of the intended directory. By providing a specially crafted input to the TemplateLookup.gettemplate function, a remote attacker can exploit an inconsistency...
Mako: Path traversal via double-slash URI prefix in TemplateLookup
...
PYSEC-2026-88
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
PYSEC-2026-88
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205
Mako (Python) prior to 1.3.11 is affected by a path traversal vulnerability in TemplateLookup.get_template() when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash‑stripping implementations. If an application passes untrusted input directly t...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
EUVD-2026-25279
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...