PYSEC-2014-82

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2014-82.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-82
Aliases
Published
2014-05-19T14:55:00Z
Modified
2023-11-08T03:57:29.971954Z
Summary
[none]
Details

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.

References

Affected packages

PyPI / jinja2

Package

Affected ranges

Type
GIT
Repo
https://github.com/mitsuhiko/jinja2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.3

Affected versions

2.*

2.0rc1
2.0
2.1
2.1.1
2.2
2.2.1
2.3
2.3.1
2.4
2.4.1
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6
2.7
2.7.1
2.7.2