CVE-2014-0012 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Affected Products (NVD)

Vendor	Product	Version
pocoo	jinja2	2.7.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

jinja2

bookworm	3.1.2-1 fixed
bullseye	2.11.3-1 fixed
sid	3.1.3-1 fixed
squeeze	not-affected
trixie	3.1.3-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

jinja2

lucid	ignored
precise	Fixed 2.6-1ubuntu0.1 released
quantal	ignored
raring	ignored
saucy	ignored
trusty	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

python2-Jinja2

suse enterprise desktop 15	2.10-1.21 fixed
suse enterprise sap 15	2.10-1.21 fixed
suse enterprise server 15	2.10-1.21 fixed

python3-Jinja2

suse enterprise desktop 15	2.10-1.21 fixed
suse enterprise sap 15	2.10-1.21 fixed
suse enterprise server 15	2.10-1.21 fixed

Known Exploits!

Common Weakness Enumeration

CWE-264 -

References

http://seclists.org/oss-sec/2014/q1/73

http://secunia.com/advisories/56328

http://secunia.com/advisories/60738

http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml

https://bugzilla.redhat.com/show_bug.cgi?id=1051421

https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7

https://github.com/mitsuhiko/jinja2/pull/292

https://github.com/mitsuhiko/jinja2/pull/296

http://seclists.org/oss-sec/2014/q1/73

http://secunia.com/advisories/56328

http://secunia.com/advisories/60738

http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml

https://bugzilla.redhat.com/show_bug.cgi?id=1051421

https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7

https://github.com/mitsuhiko/jinja2/pull/292

https://github.com/mitsuhiko/jinja2/pull/296