PYSEC-2014-82

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2014-82.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-82

Aliases

Published

2014-05-19T14:55:00Z

Modified

2023-11-08T03:57:29.971954Z

Summary

[none]

Details

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.

References

Affected packages

PyPI / jinja2

Package

Name: jinja2; View open source insights on deps.dev
Purl: pkg:pypi/jinja2

Affected ranges

Type: GIT
Repo: https://github.com/mitsuhiko/jinja2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

acb672b6a179567632e032f547582f30fa2f4aa7

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.3

Affected versions

2.*

2.0rc1

2.0

2.1

2.1.1

2.2

2.2.1

2.3

2.3.1

2.4

2.4.1

2.5

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.6

2.7

2.7.1

2.7.2