[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2019-10906 - jinja sandbox escape poc



> This should help confirming vulnerability in other suites.

2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and
2.8-1 are affected by the previous str.format issue[0].

[0] https://palletsprojects.com/blog/jinja-281-released/

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature


Reply to: