PYSEC-2019-220

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2019-220.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-220
Aliases
Published
2019-04-08T13:29:00Z
Modified
2023-11-08T03:58:21.453618Z
Summary
[none]
Details

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

References

Affected packages

PyPI / jinja2

Package

Name
jinja2
View open source insights on deps.dev
Purl
pkg:pypi/jinja2

Affected ranges

Type
GIT
Repo
https://github.com/pallets/jinja
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9b53045c34e61013dc8f09b7e52a555fa16bed16
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1

Affected versions

2.*

2.0rc1
2.0
2.1
2.1.1
2.2
2.2.1
2.3
2.3.1
2.4
2.4.1
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6
2.7
2.7.1
2.7.2
2.7.3
2.8