CVE 2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- FEDORA: FEDORA-2019-04a42e480b
- FEDORA: FEDORA-2019-4f978cacb4
- FEDORA: FEDORA-2019-e41e19457b
- MISC: https://palletsproject...
- MLIST: [airflow-commits] 2019...
- MLIST: [airflow-commits] 2019...
- MLIST: [airflow-commits] 2019...
- MLIST: [airflow-commits] 2019...
- MLIST: [infra-devnull] 201904...
- MLIST: [infra-devnull] 201904...
- MLIST: [infra-devnull] 201904...
- MLIST: [infra-devnull] 201904...
- REDHAT: RHSA-2019:1152
- REDHAT: RHSA-2019:1237
- REDHAT: RHSA-2019:1329
- SUSE: openSUSE-SU-2019:1395
- UBUNTU: USN-4011-1
- UBUNTU: USN-4011-2
- SUSE: openSUSE-SU-2019:1614
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)