Moderate severityNVD Advisory· Published May 19, 2014· Updated Jun 17, 2026
CVE-2014-0012
CVE-2014-0012
Description
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Jinja2PyPI | < 2.7.2 | 2.7.2 |
Affected products
6- ghsa-coords5 versionspkg:pypi/jinja2pkg:rpm/opensuse/python-Jinja2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Jinja2&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205pkg:rpm/suse/python-Jinja2&distro=SUSE%20Enterprise%20Storage%201.0pkg:rpm/suse/python-Jinja2&distro=SUSE%20Package%20Hub%2012
< 2.7.2+ 4 more
- (no CPE)range: < 2.7.2
- (no CPE)range: < 2.8-1.4
- (no CPE)range: < 2.7.3-4.1
- (no CPE)range: < 2.7.3-4.1
- (no CPE)range: < 2.8-2.1
Patches
Vulnerability mechanics
References
15- github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7nvdExploitPatchWEB
- github.com/advisories/GHSA-fqh9-2qgg-h84hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0012ghsaADVISORY
- seclists.org/oss-sec/2014/q1/73nvdWEB
- www.gentoo.org/security/en/glsa/glsa-201408-13.xmlnvdWEB
- bugs.debian.org/cgi-bin/bugreport.cgighsaWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/mitsuhiko/jinja2/pull/292nvdWEB
- github.com/mitsuhiko/jinja2/pull/296nvdWEB
- github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7ghsaWEB
- github.com/pallets/jinja2/pull/292ghsaWEB
- github.com/pallets/jinja2/pull/296ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yamlghsaWEB
- secunia.com/advisories/56328nvd
- secunia.com/advisories/60738nvd
News mentions
0No linked articles in our index yet.