PT-2019-12084 · Pallets+6 · Jinja+6

Brian Welch

Published

2019-04-06

Updated

2024-06-15

CVE-2019-10906

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pallets Jinja versions prior to 2.10.1

Description The issue allows a sandbox escape through the str.format map method. This method could be used to bypass the sandbox, which is designed to restrict the evaluation of untrusted, user-provided templates. The problem arises due to the way string formatting works in Python.

Recommendations For versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue. As a temporary workaround, consider overriding the is safe attribute method on the sandbox and explicitly disallow the format map method on string objects.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

ALT-PU-2019-2664

ALT-PU-2020-3106

AZL-41949

CESA-2019_1152

CVE-2019-10906

GHSA-462W-V97R-4M45

MGASA-2019-0177

OPENSUSE-SU-2019:1395-1

OPENSUSE-SU-2019_1395-1

OPENSUSE-SU-2019_1614-1

OPENSUSE-SU-2024:11208-1

OPENSUSE-SU-2024:13930-1

PYSEC-2019-217

RHSA-2019:1152

RHSA-2019:1237

RHSA-2019:1329

RHSA-2019:3172

RHSA-2019_1152

RLSA-2019:1152

SUSE-FU-2022:0444-1

SUSE-FU-2022:0445-1

SUSE-SU-2019:1156-1

SUSE-SU-2019:1554-1

SUSE-SU-2020:3096-1

SUSE-SU-2020:3897-1

SUSE-SU-2020_3096-1

USN-4011-1

USN-4011-2

Affected Products

Alt Linux

Centos

Jinja

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-12084 · Pallets+6 · Jinja+6

CVE-2019-10906

Weakness Enumeration

Related Identifiers

Affected Products

References · 86