CVE-2019-10906

Published: 6 April 2019

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package: jinja2 (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (2.10-1ubuntu0.18.04.1)
cosmic      Released (2.10-1ubuntu0.18.10.1)
disco       Released (2.10-1ubuntu0.19.04.1)
precise     Released (2.6-1ubuntu0.2)
trusty      Released (2.7.2-2ubuntu0.1~esm1)
upstream    Released (2.10.1,2.10-2)
xenial      Released (2.8-1ubuntu0.1)