CVE-2016-10745

Published: 08 April 2019

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package: jinja2 (Launchpad, Ubuntu, Debian)

Release status:
Upstream: Released (2.9.4-1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (2.10-1)
Ubuntu 16.04 ESM (Xenial Xerus): Released (2.8-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.7.2-2ubuntu0.1~esm1)

Patches:
Upstream: https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
Upstream: https://github.com/pallets/jinja/commit/74bd64e56387f5b2931040dc7235a3509cde1611