Home

CVE-2019-10906

Description

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.322

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-10906 are fixed in Python-jinja2 2.10.1Windows
small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.8-1ubuntu0.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.18.04.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.18.10.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python-jinja2_2.10-1ubuntu0.19.04.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.8-1ubuntu0.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.18.04.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.18.10.1_all.debLinux
small but fast and easy to use stand-alone template engine (USN-4011-1) python3-jinja2_2.10-1ubuntu0.19.04.1_all.debLinux
(RHSA-2019:1152) python-jinja2 security update python3-jinja2-2.10.1-2.el8_0.noarch.rpmLinux
Python3-jinja2 update (ELSA-2019-1152) python3-jinja2-2.10.1-2.el8_0.noarch.rpmLinux
(CESA-2019:1152) python-jinja2 security update python3-jinja2-2.10.1-2.el8_0.noarch.rpmLinux
Python3-jinja2 update (ELSA-2024-3102) python3-jinja2-2.10.1-4.el8.noarch.rpmLinux
python3-jinja2 Security Update (ALAS-2024-2582) python3-jinja2-2.7.2-4.amzn2.0.5.noarch.rpmLinux
Vulnerabilities CVE-2019-10906 are fixed in Python-jinja2 for linux 2.10.1Linux
CVE-2019-10906NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234