Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10906

Опубликовано: 06 апр. 2019
Источник: redhat
CVSS3: 9
EPSS Низкий

Описание

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability.

Отчет

Red Hat Virtualization Management Appliance includes python-jinja2 as a dependency of ovirt-engine-backend, which only uses it with controlled format strings that are not exploitable. Red Hat Satellite 6 will receive fixes through the underlying Red Hat Enterprise Linux, so it won't issue updates to its own affected package. This issue does not affect versions of python-jinja2 as shipped with:

  • Red Hat Enterprise Linux 6, and 7 as python2 does not support str.format_map.
  • Red Hat Update Infrastructure as it does not use the Sandbox feature, nor does it allow untrusted jinja2 templates.
  • Red Hat Ceph Storage 2, 3 and Red Hat Gluster Storage 3 as python2 does not support str.format_map.
  • Red Hat OpenStack Platform 13 or 14 as python2 does not support str.format_map.

Меры по смягчению последствий

If you cannot upgrade python-Jinja2, you can override the is_safe_attribute method on the sandbox and explicitly disallow the format_map method on string objects.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 2python-jinja2Not affected
Red Hat Ceph Storage 3python-jinja2Not affected
Red Hat Enterprise Linux 6python-jinja2Not affected
Red Hat Enterprise Linux 7python-jinja2Not affected
Red Hat Enterprise Linux 8python27:2.7/python-jinja2Not affected
Red Hat OpenStack Platform 13 (Queens)python-jinja2Not affected
Red Hat OpenStack Platform 14 (Rocky)python-jinja2Not affected
Red Hat OpenStack Platform 15 (Stein)python-jinja2Not affected
Red Hat Software Collectionspython27-python-jinja2Not affected
Red Hat Storage 3python-jinja2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-138
https://bugzilla.redhat.com/show_bug.cgi?id=1698839python-jinja2: str.format_map allows sandbox escape

EPSS

Процентиль: 80%
0.01473
Низкий

9 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-10906

CVSS3: 8.6
ubuntu
больше 6 лет назад

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

nvd логотип

CVE-2019-10906

CVSS3: 8.6
nvd
больше 6 лет назад

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

msrc логотип

CVE-2019-10906

CVSS3: 8.6
msrc
12 месяцев назад

Описание отсутствует

debian логотип

CVE-2019-10906

CVSS3: 8.6
debian
больше 6 лет назад

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape ...

github логотип

GHSA-462w-v97r-4m45

CVSS3: 8.6
github
больше 6 лет назад

Jinja2 sandbox escape via string formatting

EPSS

Процентиль: 80%
0.01473
Низкий

9 Critical

CVSS3