{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-10906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://palletsprojects.com/blog/jinja-2-10-1-released", "refsource": "MISC", "name": "https://palletsprojects.com/blog/jinja-2-10-1-released" }, { "refsource": "MLIST", "name": "[infra-devnull] 20190410 [GitHub] [airflow] XD-DENG opened pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E" }, { "refsource": "MLIST", "name": "[airflow-commits] 20190410 [GitHub] [airflow] XD-DENG opened a new pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E" }, { "refsource": "MLIST", "name": "[airflow-commits] 20190410 [GitHub] [airflow] XD-DENG commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E" }, { "refsource": "MLIST", "name": "[airflow-commits] 20190410 [GitHub] [airflow] ashb commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E" }, { "refsource": "MLIST", "name": "[infra-devnull] 20190410 [GitHub] [airflow] XD-DENG commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E" }, { "refsource": "MLIST", "name": "[infra-devnull] 20190410 [GitHub] [airflow] ashb commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E" }, { "refsource": "MLIST", "name": "[airflow-commits] 20190410 [GitHub] [airflow] ashb merged pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E" }, { "refsource": "MLIST", "name": "[infra-devnull] 20190410 [GitHub] [airflow] ashb closed pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906", "url": "https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E" }, { "refsource": "FEDORA", "name": "FEDORA-2019-4f978cacb4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/" }, { "refsource": "FEDORA", "name": "FEDORA-2019-e41e19457b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/" }, { "refsource": "FEDORA", "name": "FEDORA-2019-04a42e480b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/" }, { "refsource": "REDHAT", "name": "RHSA-2019:1152", "url": "https://access.redhat.com/errata/RHSA-2019:1152" }, { "refsource": "SUSE", "name": "openSUSE-SU-2019:1395", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html" }, { "refsource": "REDHAT", "name": "RHSA-2019:1237", "url": "https://access.redhat.com/errata/RHSA-2019:1237" }, { "refsource": "REDHAT", "name": "RHSA-2019:1329", "url": "https://access.redhat.com/errata/RHSA-2019:1329" }, { "refsource": "UBUNTU", "name": "USN-4011-1", "url": "https://usn.ubuntu.com/4011-1/" }, { "refsource": "UBUNTU", "name": "USN-4011-2", "url": "https://usn.ubuntu.com/4011-2/" }, { "refsource": "SUSE", "name": "openSUSE-SU-2019:1614", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html" } ] } }