CVE-2014-1402

Published: 19 May 2014

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.

Priority

Medium

Status

| Package | Release | Status |
|---|---|---|
| jinja2 (Launchpad, Ubuntu, Debian) | Upstream | Released (2.7.2) |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (2.7.2-2) |

Patches:
Upstream: https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7