FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.7.2-2", "binary_name": "python-jinja2" }, { "binary_version": "2.7.2-2", "binary_name": "python-jinja2-doc" }, { "binary_version": "2.7.2-2", "binary_name": "python3-jinja2" } ] }