497 matches found
OESA-2021-1190 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-1838)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : python-jinja2 (EulerOS-SA-2021-1838)
According to the version of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape.CVE-2019-10906 Note that Tenable Network Security has extracted the...
SUSE: Security Advisory (SUSE-SU-2021:0654-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2021-0178 Updated python-jinja2 packages fix a security vulnerability
ReDOS vulnerability where urlize could have been called with untrusted user data CVE-2020-28493...
Fedora: Security Advisory for mingw-python-jinja2 (FEDORA-2021-2ab8ebcabc)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2021:0654-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data bsc1181944...
SUSE-SU-2021:0607-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...
SUSE-SU-2021:14644-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...
SUSE-SU-2021:0603-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...
SUSE-SU-2021:0602-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...
SUSE-SU-2021:0601-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...
CVE-2020-28493
A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
CentOS 8 : python-jinja2 (CESA-2019:1152)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2019:1152 advisory. - python-jinja2: str.formatmap allows sandbox escape CVE-2019-10906 Note that Nessus has not tested for this issue but has instead relied only on the...
SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...
SUSE-SU-2020:3096-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format bsc1132323. - CVE-2019-8341: Fixed a command injection in function fromstring bsc1125815...
EulerOS Virtualization 3.0.2.2 : python-jinja2 (EulerOS-SA-2020-2202)
According to the version of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape.CVE-2019-10906 Note that Tenable Network Security has...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2020-2202)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2020-1767)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : python-jinja2 (EulerOS-SA-2020-1767)
According to the version of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape.CVE-2019-10906 Note that Tenable Network Security has...