CVE-2020-28493

Severity Low
Remote Yes
Type Denial of service
Description
A security issue was found in python-jinja before version 2.11.3. The urlize filter is vulnerable to regular expression denial of service (ReDoS), mainly due to the sub-pattern [a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+ in the regular expression it uses to recognise e-mail addresses: both character classes accept ".", so a failing match against a long whitespace-free word containing "@" and many dots is retried for every possible split of the dots between the two classes, and the matching time grows quadratically with the length of the word. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
Group Package Affected Fixed Severity Status Ticket
AVG-1523 python-jinja, python2-jinja 2.11.2-4 2.11.3-1 Low Fixed
Date Advisory Group Package Severity Type
07 Feb 2021 ASA-202102-20 AVG-1523 python2-jinja Low denial of service
07 Feb 2021 ASA-202102-19 AVG-1523 python-jinja Low denial of service
References
https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
https://github.com/pallets/jinja/pull/1343
https://github.com/pallets/jinja/commit/ef658dc3b6389b091d608e710a810ce8b87995b3
Notes
Workaround
==========

This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. Those measures bound the cost of a single request but do not remove the backtracking itself; upgrading to 2.11.3 does.
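The following script is an added example, not code from the tracker or from the Jinja project. It reproduces the backtracking behind the description above and shows why the workaround only limits the damage. The vulnerable pattern is the full e-mail regular expression from Jinja2 2.11.2's urlize filter as I recall it (the sub-pattern quoted in the advisory is its domain part); the hardened pattern is modelled on the 2.11.3 fix, which requires a word character at the start of the domain and only word characters in the TLD, and should be checked against the linked commit rather than taken as the upstream text. The attack word, the sizes and the timing helpers are constructed for this example; the word is matched against the regex directly rather than passed through the filter.

```python
import re
import time

# Vulnerable pattern (Jinja2 2.11.2 urlize e-mail check, as recalled): both
# character classes contain '.', so a run of dots can be split between them in
# many ways and a failing match backtracks through every split.
VULNERABLE_EMAIL_RE = re.compile(r"^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$")

# Hardened pattern modelled on the 2.11.3 fix: the domain must start with a word
# character and the TLD is word characters only, so the final class can never
# absorb a '.' and the position of the last dot is unambiguous.
FIXED_EMAIL_RE = re.compile(r"^\S+@\w[\w.-]*\.\w+$")


def redos_input(n: int) -> str:
    """Constructed attack word: one '@' so urlize would try the e-mail regex,
    n dots to create ambiguity, and a trailing '!' so the overall match fails
    and every split has to be tried before the engine gives up."""
    return "a@" + "." * n + "!"


def time_match(regex: "re.Pattern[str]", text: str, repeats: int = 3) -> float:
    """Minimum wall-clock seconds over `repeats` runs of regex.match(text).
    Floored to 1 ns so callers can divide by it safely."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        regex.match(text)
        best = min(best, time.perf_counter() - start)
    return max(best, 1e-9)


def growth_ratio(regex: "re.Pattern[str]", small: int, large: int) -> float:
    """Slowdown when the attack word grows from `small` to `large` dots.
    Linear matching gives roughly large/small; quadratic gives (large/small)**2."""
    return time_match(regex, redos_input(large)) / time_match(regex, redos_input(small))


def fixed_speedup(n: int) -> float:
    """How many times faster the hardened pattern rejects the attack word of size n."""
    return time_match(VULNERABLE_EMAIL_RE, redos_input(n)) / time_match(FIXED_EMAIL_RE, redos_input(n))


def both_accept(addr: str) -> bool:
    """True when the vulnerable and the hardened pattern agree that addr is an e-mail."""
    return bool(VULNERABLE_EMAIL_RE.match(addr)) and bool(FIXED_EMAIL_RE.match(addr))


if __name__ == "__main__":
    for n in (1500, 3000, 6000):
        print(f"n={n:>5}: vulnerable {time_match(VULNERABLE_EMAIL_RE, redos_input(n)):.4f}s  "
              f"fixed {time_match(FIXED_EMAIL_RE, redos_input(n)):.6f}s")
    print("4x longer word -> vulnerable slowdown %.1fx" % growth_ratio(VULNERABLE_EMAIL_RE, 1500, 6000))
    print("hardened pattern speedup at n=1500: %.0fx" % fixed_speedup(1500))
    print("normal address accepted by both:", both_accept("user@example.com"))
```

Quadrupling the word length makes the vulnerable pattern roughly sixteen times slower, which is the quadratic growth the description refers to, while the hardened pattern rejects the same word in microseconds and still accepts ordinary addresses. A request timeout or a memory limit, as in the workaround, cuts off a single slow request but leaves each such request just as expensive, which is why the version bump is the real fix.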