Vulnerabilities > CVE-2019-10906
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-E41E19457B.NASL description Security fix for CVE-2019-10906. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124547 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124547 title Fedora 30 : python-jinja2 (2019-e41e19457b) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-e41e19457b. # include("compat.inc"); if (description) { script_id(124547); script_version("1.3"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2019-10906"); script_xref(name:"FEDORA", value:"2019-e41e19457b"); script_name(english:"Fedora 30 : python-jinja2 (2019-e41e19457b)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2019-10906. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e41e19457b" ); script_set_attribute( attribute:"solution", value:"Update the affected python-jinja2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-jinja2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"python-jinja2-2.10.1-1.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-jinja2"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1395.NASL description This update for python-Jinja2 to version 2.10.1 fixes the following issues : Security issues fixed : - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125022 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125022 title openSUSE Security Update : python-Jinja2 (openSUSE-2019-1395) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-1152.NASL description From Red Hat Security Advisory 2019:1152 : An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es) : * python-jinja2: str.format_map allows sandbox escape (CVE-2019-10906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127582 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127582 title Oracle Linux 8 : python-jinja2 (ELSA-2019-1152) NASL family Fedora Local Security Checks NASL id FEDORA_2019-4F978CACB4.NASL description Security fix for CVE-2019-10906. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124350 published 2019-04-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124350 title Fedora 28 : python-jinja2 (2019-4f978cacb4) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4011-1.NASL description Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125771 published 2019-06-07 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125771 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : jinja2 vulnerabilities (USN-4011-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4011-2.NASL description USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details : Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125772 published 2019-06-07 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125772 title Ubuntu 14.04 LTS : jinja2 vulnerabilities (USN-4011-2) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1816.NASL description According to the version of the python-jinja2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.(CVE-2019-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-08-27 plugin id 128185 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128185 title EulerOS 2.0 SP8 : python-jinja2 (EulerOS-SA-2019-1816) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1152.NASL description An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es) : * python-jinja2: str.format_map allows sandbox escape (CVE-2019-10906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 125011 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125011 title RHEL 8 : python-jinja2 (RHSA-2019:1152) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1570.NASL description According to the version of the python-jinja2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2020-05-01 plugin id 136273 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136273 title EulerOS Virtualization for ARM 64 3.0.2.0 : python-jinja2 (EulerOS-SA-2020-1570) NASL family Fedora Local Security Checks NASL id FEDORA_2019-04A42E480B.NASL description Security fix for CVE-2019-10906. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124346 published 2019-04-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124346 title Fedora 29 : python-jinja2 (2019-04a42e480b) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1127.NASL description According to the version of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.(CVE-2019-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-02-24 plugin id 133928 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133928 title EulerOS 2.0 SP5 : python-jinja2 (EulerOS-SA-2020-1127) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1614.NASL description This update for python-Jinja2 fixes the following issues : Security issues fixed : - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126233 published 2019-06-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126233 title openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://palletsprojects.com/blog/jinja-2-10-1-released
- https://access.redhat.com/errata/RHSA-2019:1152
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
- https://access.redhat.com/errata/RHSA-2019:1237
- https://access.redhat.com/errata/RHSA-2019:1329
- https://usn.ubuntu.com/4011-1/
- https://usn.ubuntu.com/4011-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
- https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E
- https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/