PYSEC-2019-220
Details
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
Affected packages
PyPI / jinja2
First affected version: 0
Fixed version: 9b53045c34e61013dc8f09b7e52a555fa16bed16
Fix
pip install --upgrade 'jinja2>=2.8.1'
References
- https://palletsprojects.com/blog/jinja-281-released/ [ARTICLE]
- https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16 [FIX]
- https://access.redhat.com/errata/RHSA-2019:1022 [ADVISORY]
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html [WEB]
- https://access.redhat.com/errata/RHSA-2019:1237 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2019:1260 [ADVISORY]
- https://usn.ubuntu.com/4011-1/ [WEB]
- https://usn.ubuntu.com/4011-2/ [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html [WEB]
- https://access.redhat.com/errata/RHSA-2019:3964 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2019:4062 [ADVISORY]
- https://github.com/advisories/GHSA-hj2j-77xm-mc5v [ADVISORY]