CVE-2019-10906

Published: 06 April 2019

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Priority

Medium

CVSS 3 base score: 8.6

Status

| Package | Release | Status |
|---|---|---|
| jinja2 | Upstream | Released (2.10.1, 2.10-2) |
| jinja2 | Ubuntu 18.04 LTS (Bionic Beaver) | Released (2.10-1ubuntu0.18.04.1) |
| jinja2 | Ubuntu 16.04 ESM (Xenial Xerus) | Released (2.8-1ubuntu0.1) |
| jinja2 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (2.7.2-2ubuntu0.1~esm1) |

Patches:
Upstream: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26