Lucene search
K

12 matches found

OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2020:3096-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.4478EPSS
Exploits6References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2019:1156-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.4478EPSS
Exploits6References2
OSV
OSV
added 2020/10/29 5:8 p.m.10 views

SUSE-SU-2020:3096-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. - CVE-2019-8341: Fixed a command injection in function fromstring bsc1125815...

9.8CVSS8.6AI score0.4478EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2019/06/25 12:0 a.m.50 views

openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)

This update for python-Jinja2 fixes the following issues : Security issues fixed : - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format bsc1132174. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. -...

9.8CVSS7.1AI score0.4478EPSS
Exploits6References6
OpenVAS
OpenVAS
added 2019/06/25 12:0 a.m.89 views

openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1614-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.4AI score0.4478EPSS
Exploits6References2
OPENSUSE Linux
OPENSUSE Linux
added 2019/06/24 12:0 a.m.195 views

Security update for python-Jinja2 (important)

openSUSE Security Update: Security update for python-Jinja2 Announcement ID: openSUSE-SU-2019:1614-1 Rating: important References: 1125815 1132174 1132323 Cross-References: CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities...

9.8CVSS8.4AI score0.4478EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2019/05/14 12:0 a.m.39 views

openSUSE: Security Advisory for python-Jinja2 (openSUSE-SU-2019:1395-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.4AI score0.4478EPSS
Exploits6References2
OSV
OSV
added 2019/05/13 1:1 p.m.9 views

OPENSUSE-SU-2019:1395-1 Security update for python-Jinja2

This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in fromstring bsc1125815. - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. This update was imported from t...

9.8CVSS7.1AI score0.4478EPSS
Exploits6References7
UbuntuCve
UbuntuCve
added 2019/02/15 7:29 a.m.36 views

CVE-2019-8341

An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...

9.8CVSS7.2AI score0.4478EPSS
Exploits5References2
OSV
OSV
added 2019/02/15 7:29 a.m.0 views

BELL-CVE-2019-8341 CVE-2019-8341 does not affect BellSoft software

Bulletin has no description...

9.8CVSS7.3AI score0.4478EPSS
Exploits5References1
CVE
CVE
added 2019/02/15 7:0 a.m.176 views

CVE-2019-8341

The CVE-2019-8341 issue affects Jinja2 2.10 where from_string treats the source as a template object, rendering it and returning the result, enabling Server-Side Template Injection via {{INJECTION COMMANDS}} in a URI. The vulnerability is described with contention over its validity, but multiple ...

9.8CVSS9.3AI score0.4478EPSS
Exploits5References6Affected Software1
Debian CVE
Debian CVE
added 2019/02/15 7:0 a.m.28 views

CVE-2019-8341

An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...

9.8CVSS8.4AI score0.4478EPSS
Exploits5
Rows per page
Query Builder