PYSEC-2014-8
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2014-8.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2014-8
- Aliases
- Published
- 2014-05-19T14:55:00Z
- Modified
- 2023-11-08T03:57:34.512953Z
- Summary
- [none]
- Details
-
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.
- References
-
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
- http://advisories.mageia.org/MGASA-2014-0028.html
- http://jinja.pocoo.org/docs/changelog/
- http://openwall.com/lists/oss-security/2014/01/10/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1051421
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
- http://openwall.com/lists/oss-security/2014/01/10/2
- http://secunia.com/advisories/59017
- http://secunia.com/advisories/58918
- http://secunia.com/advisories/60770
- http://secunia.com/advisories/60738
- http://secunia.com/advisories/56287
- http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
- https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
- http://secunia.com/advisories/58783
- http://rhn.redhat.com/errata/RHSA-2014-0748.html
- http://rhn.redhat.com/errata/RHSA-2014-0747.html
- https://github.com/advisories/GHSA-8r7q-cvjq-x353
Affected packages
PyPI / jinja2
Package
- Name
- jinja2
- View open source insights on deps.dev
- Purl
- pkg:pypi/jinja2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.2