Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 685842

Summary: dev-python/jinja: str.format_map allows sandbox escape (CVE-2019-10906)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: geaaru, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [ebuild/upstream]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-05-13 14:52:07 UTC 
CVE-2019-10906 (https://nvd.nist.gov/vuln/detail/CVE-2019-10906):
  In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-05-13 14:53:30 UTC 

*** This bug has been marked as a duplicate of bug 685844 ***