24 matches found
UBUNTU-CVE-2014-0012
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
Updated python-jinja2 package fixes two security vulnerabilities
Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...
MGASA-2014-0028 Updated python-jinja2 package fixes two security vulnerabilities
Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...
PT-2014-4172 · Pallets +3 · Jinja2 +3
Name of the Vulnerable Software and Affected Versions: Jinja2 versions prior to 2.7.2 Description: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 does not properly create temporary files. This allows local users to gain privileges via a crafted .cache file with a name...