python-jinja

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A simple pythonic template language written in Python
Version 1:3.1.4-2 [extra-testing]
1:3.1.4-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1523 2.11.2-4 2.11.3-1 Low Fixed
AVG-904 2.10-2 Medium Not affected
Issue Group Severity Remote Type Description
CVE-2020-28493 AVG-1523 Low Yes Denial of service
A security issue was found in python-jinja before version 2.11.3. The regular expression denial of service vulnerability is mainly due to the sub-pattern...
CVE-2019-8341 AVG-904 Medium Yes Content spoofing
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as...

Advisories

Date Advisory Group Severity Type
07 Feb 2021 ASA-202102-19 AVG-1523 Low denial of service