SUSE-SU-2020:3096-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2019-10906 CVE-2019-8341

Published: 29 Oct 2020, 17:08

Last modified:04 Feb 2026, 03:20

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Oct 2020, 17:08

Published

Vulnerability first disclosed

04 Feb 2026, 03:20

Last Modified

Vulnerability information updated

Description

Security update for python-Jinja2 This update for python-Jinja2 fixes the following issues: - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed a command injection in function from_string (bsc#1125815).

Affected Systems

suse•python-Jinja2&distro=SUSE Linux Enterprise Module for Advanced Systems Management 12
< 2.8-19.20.1
suse•python-Jinja2&distro=SUSE Linux Enterprise Module for Public Cloud 12
< 2.8-19.20.1
suse•python-Jinja2&distro=SUSE Manager Client Tools 12
< 2.8-19.20.1

SUSE-SU-2020:3096-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)