Mirror of https://github.com/0xMarcio/cve.git, synced 2025-05-07 19:16:22 +00:00
CVE-2014-1402
Description
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.
POC
Reference
- http://openwall.com/lists/oss-security/2014/01/10/2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747