CVE-2016-10745

Description

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

CVSS Metrics

• v4.0•HIGH•Score: 7.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
• v3.0•HIGH•Score: 8.6CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 1.02%• Percentile: 78%

Techniques & Countermeasures

• CWE-134•Use of Externally-Controlled Format String

  The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Systems

• palletsprojects•jinja

  < 2.8.1

• PyPI•jinja2

  < 9b53045c34e61013dc8f09b7e52a555fa16bed16 | < 2.8.1

References (18)

• https://palletsprojects.com/blog/jinja-281-released/
• https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
• https://access.redhat.com/errata/RHSA-2019:1022
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
• https://access.redhat.com/errata/RHSA-2019:1237
• https://access.redhat.com/errata/RHSA-2019:1260
• https://usn.ubuntu.com/4011-1/
• https://usn.ubuntu.com/4011-2/
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
• https://access.redhat.com/errata/RHSA-2019:3964
• https://access.redhat.com/errata/RHSA-2019:4062
• https://nvd.nist.gov/vuln/detail/CVE-2016-10745
• https://github.com/advisories/GHSA-hj2j-77xm-mc5v
• https://github.com/pallets/jinja
• https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
• https://palletsprojects.com/blog/jinja-281-released
• https://usn.ubuntu.com/4011-1
• https://usn.ubuntu.com/4011-2