First published: Mon Apr 08 2019
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Palletsprojects Jinja | <2.8.1 | |
redhat/python-jinja2 | <2.8.1 | 2.8.1 |
debian/jinja2 | 2.11.3-1 3.1.2-1 3.1.3-1 | |
pip/Jinja2 | <2.8.1 | 2.8.1 |
CVE-2016-10745 is a vulnerability in Pallets Jinja before version 2.8.1 that allows a sandbox escape.
CVE-2016-10745 has a severity rating of 8.6 out of 10.
Pallets Jinja versions before 2.8.1 are affected by CVE-2016-10745.
To fix CVE-2016-10745, update Pallets Jinja to version 2.8.1 or later.
You can find more information about CVE-2016-10745 at the following references: [link1], [link2], [link3].