792 matches found
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2019:1152 Important: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: str.formatmap allows sandbox escape CVE-2019-10906 For more...
Fedora Update for php-Smarty2 FEDORA-2018-7adf863a47
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-twig2 FEDORA-2019-a9a37fed18
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-twig FEDORA-2019-c8712a42dc
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-Smarty FEDORA-2019-e595e8a7d7
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: python-jinja2-2.10.1-1.fc29
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
[SECURITY] Fedora 28 Update: python-jinja2-2.10.1-1.fc28
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
[SECURITY] Fedora 30 Update: python-jinja2-2.10.1-1.fc30
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
New Relic: Stored XSS at APM applications listing
Hello team, I have discovered that the attacker which can create APM app or modify the existing app name can cause a stored XSS firing at APM apps listing page. There is a script like the following at the APM apps listing page: javascript window.applicationData =...
[SECURITY] Fedora 30 Update: php-twig-1.38.2-2.fc30
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 30 Update: php-twig2-2.7.2-1.fc30
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
Jfinal cms backend has arbitrary file read vulnerability
Jfinal cms uses JFinal as a web framework , template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms backend exists arbitrary file read vulnerability. Attackers can use the vulnerability to read the database configuration file...
[SECURITY] Fedora 28 Update: php-twig-1.38.2-2.fc28
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 28 Update: php-twig2-2.7.2-1.fc28
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 28 Update: php-Smarty-3.1.33-1.fc28
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...
[SECURITY] Fedora 29 Update: php-Smarty-3.1.33-1.fc29
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...
Unspecified vulnerability in Jinjava
Jinjava is a Java-based Jinja template engine . A security vulnerability exists in Jinjava versions prior to 2.4.6. No details of the vulnerability are provided at this time...
[SECURITY] Fedora 29 Update: php-Smarty2-2.6.31-2.fc29
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...
[SECURITY] Fedora 28 Update: php-Smarty2-2.6.31-2.fc28
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...