Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 / 9 : OpenShift Container Platform 4.16.33 (RHSA-2025:0830)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0830 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile...

8.8CVSS6.9AI score0.005EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 9 : OpenShift Container Platform 4.15.45 (RHSA-2025:1130)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1130 advisory. - jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56201 - jinja2: Jinja has a sandbox breakout through...

8.8CVSS5.8AI score0.005EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/06 12:0 a.m.5 views

Amazon Linux 2 : mock, --advisory ALAS2MOCK-2025-001 (ALASMOCK-2025-001)

The version of mock installed on the remote host is prior to 1.4.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the...

9.8CVSS8.1AI score0.01552EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.2 views

CVE-2023-25657

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the...

9.8CVSS7.9AI score0.01526EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/08 5:54 a.m.27 views

Important: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.8CVSS7.1AI score0.00465EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/04/03 10:38 a.m.25 views

Important: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.8CVSS7.1AI score0.00465EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/03/31 2:3 p.m.17 views

Important: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS7.1AI score0.00465EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.8 views

FreeBSD : Jinja2 -- Sandbox breakout through attr filter selecting format method (3299cbfd-fa6e-11ef-929d-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3299cbfd-fa6e-11ef-929d-b0416f0c4c67 advisory. [email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an...

8.8CVSS7.9AI score0.00465EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/02/10 9:1 p.m.8 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/27 7:32 p.m.3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/27 1:33 p.m.150 views

Important: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.8CVSS6.9AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2025/01/27 12:0 a.m.8 views

ALSA-2025:0711 Important: python-jinja2 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.2AI score0.005EPSS
Exploits0References4
OSV
OSV
added 2019/04/10 2:30 p.m.1 views

GHSA-462W-V97R-4M45 Jinja2 sandbox escape via string formatting

In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape. The sandbox is used to restrict what code can be evaluated when rendering untrusted, user-provided templates. Due to the way string formatting works in Python, the str.formatmap method could be used to escape the sandbox. This...

8.6CVSS7.2AI score0.03603EPSS
Exploits1References23
myhack58
myhack58
added 2017/01/03 12:0 a.m.89 views

Python's new string format vulnerability analysis-vulnerability warning-the black bar safety net

This article on Python introduced a formatted string of the new syntax of the security vulnerabilities in-depth analysis, and provide appropriate security solutions. When we are on untrusted user input using str. the format of the time, will bring security risks-for this problem, in fact I have...

7.1AI score
Exploits0
Rows per page
Query Builder