
113 matches found

Tenable Nessus
added 2021/09/27 12:00 a.m., 40 views

EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2021-2538)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator an...

CVSS 5.3, AI score 7.1, EPSS 0.00207
Exploits: 1, References: 2
Tenable Nessus
added 2021/09/24 12:00 a.m., 16 views

EulerOS 2.0 SP8 : python-jinja2 (EulerOS-SA-2021-2482)

According to the versions of the python-jinja2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator a...

CVSS 5.3, AI score 7.1, EPSS 0.00207
Exploits: 1, References: 2
RedHat Linux
added 2021/08/24 1:06 p.m., 2 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3, AI score 7.2, EPSS 0.00207
Exploits: 1, References: 4
RedHat Linux
added 2021/08/24 12:50 p.m., 2 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3, AI score 7.2, EPSS 0.00207
Exploits: 1, References: 4
Gentoo Linux
added 2021/07/08 12:00 a.m., 34 views

Jinja: Denial of service

Background: Jinja is a template engine written in pure Python. Description: The 'urlize' filter in Jinja utilized an inefficient regular expression that could be exploited to consume excess CPU. Impact: An attacker could cause a Denial of Service condition via crafted input to the 'urlize' Jinja...

CVSS 5.3, AI score 5.9, EPSS 0.00207
Exploits: 1
Github Security Blog
added 2021/03/19 9:28 p.m., 66 views

Regular Expression Denial of Service (ReDoS) in Jinja2

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...

CVSS 5.3, AI score 5.9, EPSS 0.00207
Exploits: 1, References: 9, Affected software: 1
OSV
added 2021/02/25 5:43 p.m., 3 views

SUSE-SU-2021:14644-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. bsc1181944...

CVSS 5.3, AI score 5.6, EPSS 0.00207
Exploits: 1, References: 3
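The entries above name the weak sub-pattern ([a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+) and the SUSE entry describes the fix (a word character at the start of the domain part, only word characters in the TLD). The following is an added example, not code from any of the advisories or from the Jinja2 project: it puts a regex of the vulnerable shape next to a hardened form reconstructed from that fix description, runs both over a constructed input that forces the backtracking, and checks that the hardening does not break ordinary addresses. The hardened regex and the crafted input are my own assumptions for illustration, not the upstream patch or a published payload.

```python
"""
Added example, not code from any advisory listed above or from the Jinja2
project: a regex shaped like the sub-pattern named in CVE-2020-28493, beside a
hardened form reconstructed from the fix description in the SUSE entry.
"""
import re
import time

# Shape named by the advisories ([a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+), anchored the
# way a simple "is this an e-mail address" check uses it.  Both character
# classes accept '.', so on a domain part made of dots followed by a character
# neither class accepts, every split between the two classes is tried before
# the match fails: backtracking quadratic in the length of the input.
VULNERABLE_EMAIL_RE = re.compile(r"^\S+@[a-zA-Z0-9.-]+\.[a-zA-Z0-9.-]+$")

# Hardened form.  Assumption: this is my reading of the SUSE fix description
# ("a word character at the start of the domain part, and only word characters
# in the TLD"), not the upstream patch verbatim.  Because \w+ cannot absorb
# '.', there is only one place the final '\.' can sit, so the engine gives up
# after a single pass over the domain part instead of trying every split.
HARDENED_EMAIL_RE = re.compile(r"^\S+@\w[\w.-]*\.\w+$")


def crafted_input(n: int) -> str:
    """Constructed test input (not taken from any advisory): one '@' followed
    by n dots and a trailing '!' that neither class accepts, so the match can
    only fail after all splits between the two classes have been tried."""
    return "a@" + "." * n + "!"


def time_match(pattern, text):
    """Return (matched, seconds) for one anchored match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def compare(n=3000):
    """Run both patterns on the same crafted input.  Both must reject it; the
    vulnerable one does so only after O(n^2) backtracking steps."""
    text = crafted_input(n)
    v_matched, v_secs = time_match(VULNERABLE_EMAIL_RE, text)
    h_matched, h_secs = time_match(HARDENED_EMAIL_RE, text)
    return {
        "vulnerable_matched": v_matched,
        "vulnerable_seconds": v_secs,
        "hardened_matched": h_matched,
        "hardened_seconds": h_secs,
    }


def accepts(pattern, address):
    """Functional check: the hardening must still accept ordinary addresses."""
    return pattern.match(address) is not None


if __name__ == "__main__":
    # Doubling n should roughly quadruple the vulnerable time and leave the
    # hardened time flat.
    for n in (1000, 2000, 4000):
        r = compare(n)
        print(f"n={n:5d}  vulnerable {r['vulnerable_seconds']:.3f}s  "
              f"hardened {r['hardened_seconds']:.6f}s")
    print("user@example.com accepted by hardened regex:",
          accepts(HARDENED_EMAIL_RE, "user@example.com"))
    print("user@.example.com accepted by hardened regex:",
          accepts(HARDENED_EMAIL_RE, "user@.example.com"))
```

Two practitioner notes. First, the hardened regex is stricter than the old one (a domain part beginning with '.' or '-' is now rejected), so a fix of this kind is a behaviour change to cover with tests, not only a performance fix. Second, the mitigations the advisories list (request timeouts, process memory limits) bound the damage of one slow request but do not remove the quadratic work; only changing the pattern does that.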
Veracode
added 2021/02/02 1:28 a.m., 31 views

Regular Expression Denial Of Service (ReDoS)

jinja2 is vulnerable to regular expression denial of service. The regex sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+ used to format user content in the urlize filter consumes high process memory and can lead to an application crash...

CVSS 5.3, AI score 1.8, EPSS 0.00207
Exploits: 1, References: 6, Affected software: 5
NVD
added 2021/02/01 8:15 p.m., 24 views

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to...

CVSS 5.3, AI score 5.7, EPSS 0.00207
Exploits: 1, References: 5
OSV
added 2021/02/01 8:15 p.m., 20 views

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to...

CVSS 5.3, AI score 5.3
Exploits: 0, References: 5
Debian CVE
added 2021/02/01 7:30 p.m., 32 views

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to...

CVSS 5.3, AI score 7.6, EPSS 0.00207
Exploits: 1
Snyk
added 2020/09/25 5:29 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: Jinja2 is a template engine written in pure Python. It provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability ...

CVSS 7.5, AI score 9.3, EPSS 0.00207
Exploits: 1, References: 2
OPENSUSE Linux
added 2019/02/25 12:00 a.m., 124 views

Security update for python-Jinja2 (moderate)

openSUSE Security Update: Security update for python-Jinja2. Announcement ID: openSUSE-SU-2019:0244-1. Rating: moderate. References: 858239. Cross-References: CVE-2014-0012. Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12. An update that fixes one vulnerability is now...

CVSS 4.4, AI score 7.5, EPSS 0.00101
Exploits: 1, References: 1
RedHat Linux
added 2019/02/04 11:51 p.m., 2 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3, AI score 7.2, EPSS 0.01372
Exploits: 0, References: 5
RedHat Linux
added 2019/01/16 5:53 p.m., 2 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3, AI score 7.2, EPSS 0.01372
Exploits: 0, References: 5
RedHat Linux
added 2019/01/16 5:10 p.m., 16 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3, AI score 7.2, EPSS 0.01372
Exploits: 0, References: 5
OSV
added 2019/01/04 5:50 p.m., 1 view

GHSA-R28V-MW67-M5P9 Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 6.9, AI score 6.8, EPSS 0.01372
Exploits: 0, References: 16
Github Security Blog
added 2019/01/04 5:50 p.m., 44 views

Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3, AI score 5.8, EPSS 0.01372
Exploits: 0, References: 15, Affected software: 1
BDU FSTEC
added 2018/12/18 12:00 a.m., 4 views

The vulnerability of the django.utils.html.urlize function, as well as the chars and words methods of the django.utils.text.Truncator object in the Django web application framework, allows attackers to trigger a denial-of-service attack.

The vulnerability of the django.utils.html.urlize function, as well as the chars and words methods of the django.utils.text.Truncator object in the Django web application framework, lies in the fact that when control over input data is possible, a malicious attacker can create a string that will...

CVSS 5.3, AI score 6.5, EPSS 0.03173
Exploits: 0, References: 5, Affected software: 3
RedHat Linux
added 2018/10/16 5:38 p.m., 0 views

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django...

CVSS 5.3, AI score 7.2, EPSS 0.01372
Exploits: 0, References: 5