Max CVSS 7.5 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-8341 7.5
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it
06-08-2019 - 15:15 15-02-2019 - 07:29
CVE-2016-10745 5.0
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
06-06-2019 - 16:29 08-04-2019 - 13:29
CVE-2019-10906 5.0
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
06-06-2019 - 16:29 07-04-2019 - 00:29
Back to Top Mark selected
Back to Top