CVE-2019-8341
Source | |
Severity | Medium |
Remote | Yes |
Type | Content spoofing |
Description | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-904 | python-jinja | 2.10-2 | | Medium | Not affected | |
References |
---|
https://github.com/JameelNabbo/Jinja2-Code-execution |
https://www.exploit-db.com/exploits/46386 |