exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind:CVE-2019-8341

exploitDog

bind:CVE-2019-8341

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 11

Количество 11

CVE-2019-8341

почти 7 лет назад

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing

CVSS3: 9.8

EPSS: Средний

CVE-2019-8341

почти 7 лет назад

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing

CVSS3: 8.2

EPSS: Средний

CVE-2019-8341

почти 7 лет назад

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing

CVSS3: 9.8

EPSS: Средний

CVE-2019-8341

почти 7 лет назад

An issue was discovered in Jinja2 2.10. The from_string function is pr ...

CVSS3: 9.8

EPSS: Средний

GHSA-f6pv-j8mr-w6rr

больше 3 лет назад

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

CVSS3: 9.8

EPSS: Средний

BDU:2019-01179

почти 7 лет назад

Уязвимость функции from_string шаблонизатора Jinja2 для языка программирования Python, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

CVSS3: 8.2

EPSS: Средний

SUSE-SU-2020:3096-1

больше 5 лет назад

Security update for python-Jinja2

EPSS: Низкий

openSUSE-SU-2019:1614-1

больше 6 лет назад

Security update for python-Jinja2

EPSS: Низкий

openSUSE-SU-2019:1395-1

больше 6 лет назад

Security update for python-Jinja2

EPSS: Низкий

SUSE-SU-2019:1554-1

больше 6 лет назад

Security update for python-Jinja2

EPSS: Низкий

SUSE-SU-2019:1156-1

почти 7 лет назад

Security update for python-Jinja2

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2019-8341 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing	CVSS3: 9.8	37% Средний	почти 7 лет назад
	CVE-2019-8341 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing	CVSS3: 8.2	37% Средний	почти 7 лет назад
	CVE-2019-8341 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing	CVSS3: 9.8	37% Средний	почти 7 лет назад
	CVE-2019-8341 An issue was discovered in Jinja2 2.10. The from_string function is pr ...	CVSS3: 9.8	37% Средний	почти 7 лет назад
	GHSA-f6pv-j8mr-w6rr DISPUTED An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.	CVSS3: 9.8	37% Средний	больше 3 лет назад
	BDU:2019-01179 Уязвимость функции from_string шаблонизатора Jinja2 для языка программирования Python, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации	CVSS3: 8.2	37% Средний	почти 7 лет назад
	SUSE-SU-2020:3096-1 Security update for python-Jinja2			больше 5 лет назад
	openSUSE-SU-2019:1614-1 Security update for python-Jinja2			больше 6 лет назад
	openSUSE-SU-2019:1395-1 Security update for python-Jinja2			больше 6 лет назад
	SUSE-SU-2019:1554-1 Security update for python-Jinja2			больше 6 лет назад
	SUSE-SU-2019:1156-1 Security update for python-Jinja2			почти 7 лет назад

Уязвимостей на страницу