Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-8341 - log back

CVE-2019-8341 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Remote

Type

+	Content spoofing

Description

+	An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

References

+	https://github.com/JameelNabbo/Jinja2-Code-execution
+	https://www.exploit-db.com/exploits/46386

Notes