CVE-2016-10745
Description
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.022
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-10745 are fixed in Python-jinja2 2.8.1 | Windows |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.8-1ubuntu0.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.18.04.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.18.10.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.19.04.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.8-1ubuntu0.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.18.04.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.18.10.1_all.deb | Linux |
| small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.19.04.1_all.deb | Linux |
| Python-jinja2 update (ELSA-2019-1022) python-jinja2-2.7.2-3.el7_6.noarch.rpm | Linux |
| Vulnerabilities CVE-2016-10745 are fixed in Python-jinja2 for linux 2.8.1 | Linux |
| Use of Externally-Controlled Format String Vulnerability (CVE-2016-10745) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234