12 matches found
SUSE: Security Advisory (SUSE-SU-2020:3096-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1156-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2020:3096-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. - CVE-2019-8341: Fixed a command injection in function fromstring bsc1125815...
openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)
This update for python-Jinja2 fixes the following issues : Security issues fixed : - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format bsc1132174. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. -...
openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1614-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for python-Jinja2 (important)
openSUSE Security Update: Security update for python-Jinja2 Announcement ID: openSUSE-SU-2019:1614-1 Rating: important References: 1125815 1132174 1132323 Cross-References: CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities...
openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1395-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:1395-1 Security update for python-Jinja2
This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in fromstring bsc1125815. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. This update was imported from t...
CVE-2019-8341
An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...
BELL-CVE-2019-8341 CVE-2019-8341 does not affect BellSoft software
Bulletin has no description...
CVE-2019-8341
The CVE-2019-8341 issue affects Jinja2 2.10 where from_string treats the source as a template object, rendering it and returning the result, enabling Server-Side Template Injection via {{INJECTION COMMANDS}} in a URI. The vulnerability is described with contention over its validity, but multiple ...
CVE-2019-8341
An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...