High severityOSV Advisory· Published Apr 8, 2019· Updated Aug 6, 2024
CVE-2016-10745
CVE-2016-10745
Description
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Jinja2PyPI | < 2.8.1 | 2.8.1 |
Affected products
77- ghsa-coords76 versionspkg:pypi/jinja2pkg:rpm/opensuse/python-Jinja2&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python-Jinja2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ardana-cassandra&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Jinja2&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-Jinja2&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-Jinja2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/python-Jinja2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-Jinja2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-Jinja2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2pkg:rpm/suse/python-Jinja2&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/python-Jinja2&distro=SUSE%20Manager%20Proxy%203.1pkg:rpm/suse/python-Jinja2&distro=SUSE%20Manager%20Proxy%203.2pkg:rpm/suse/python-Jinja2&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/python-Jinja2&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/python-Jinja2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Jinja2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Jinja2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pytest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pytest&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
< 2.8.1+ 75 more
- (no CPE)range: < 2.8.1
- (no CPE)range: < 2.10.1-lp150.2.3.1
- (no CPE)range: < 3.0.1-3.2
- (no CPE)range: < 9.0+git.1600802664.7e480a2-3.6.2
- (no CPE)range: < 9.0+git.1605174486.a78ddce-3.19.2
- (no CPE)range: < 9.0+git.1601621747.a87e5a0-3.22.2
- (no CPE)range: < 9.0+git.1603378983.fc0bca9-3.19.2
- (no CPE)range: < 6.0+git.1606314264.bf9ada813-3.31.2
- (no CPE)range: < 6.0+git.1604573541.bb18c172d-3.28.3
- (no CPE)range: < 6.7.4-3.20.1
- (no CPE)range: < 6.7.4-3.20.1
- (no CPE)range: < 1.3.8-4.3.3
- (no CPE)range: < 1.3.8-4.3.3
- (no CPE)range: < 13.0.10~dev20-3.28.2
- (no CPE)range: < 13.0.10~dev20-3.28.2
- (no CPE)range: < 11.0.4~dev4-3.19.2
- (no CPE)range: < 11.0.4~dev4-3.19.2
- (no CPE)range: < 12.0.1~dev2-3.3.4
- (no CPE)range: < 12.0.1~dev2-3.3.4
- (no CPE)range: < 0.0.0+git.1605509190.64f020b6-3.9.3
- (no CPE)range: < 0.0.0+git.1605509190.64f020b6-3.9.3
- (no CPE)range: < 12.0.1~dev3-3.3.4
- (no CPE)range: < 12.0.1~dev3-3.3.4
- (no CPE)range: < 3.3.4~dev6-3.19.4
- (no CPE)range: < 3.3.4~dev6-3.19.4
- (no CPE)range: < 7.4.2~dev57-4.30.2
- (no CPE)range: < 7.4.2~dev57-4.30.2
- (no CPE)range: < 13.0.8~dev135-3.31.2
- (no CPE)range: < 13.0.8~dev135-3.31.2
- (no CPE)range: < 12.0.1~dev5-3.19.4
- (no CPE)range: < 12.0.1~dev5-3.19.4
- (no CPE)range: < 13.0.2~dev6-3.9.2
- (no CPE)range: < 13.0.2~dev6-3.9.2
- (no CPE)range: < 18.3.1~dev77-3.31.2
- (no CPE)range: < 18.3.1~dev77-3.31.2
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-19.17.1
- (no CPE)range: < 2.10.1-3.5.1
- (no CPE)range: < 2.8-19.17.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-19.17.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.8-22.8.1
- (no CPE)range: < 2.10.1-3.3.3
- (no CPE)range: < 2.10.1-3.3.3
- (no CPE)range: < 4.5.0-4.3.3
- (no CPE)range: < 4.5.0-4.3.3
- (no CPE)range: < 3.7.4-3.3.3
- (no CPE)range: < 3.7.4-3.3.3
- (no CPE)range: < 1.23-3.15.3
- (no CPE)range: < 1.23-3.15.3
- (no CPE)range: < 9.20200917-3.24.3
- (no CPE)range: < 9.20200917-3.24.3
- (no CPE)range: < 2.2.3-5.3.3
- (no CPE)range: < 2.2.3-5.3.3
- (no CPE)range: < 7.0.1~dev24-3.21.2
- (no CPE)range: < 13.0.10~dev20-3.24.2
- (no CPE)range: < 7.0.2~dev2-3.21.2
- (no CPE)range: < 17.0.1~dev30-3.19.2
- (no CPE)range: < 11.0.4~dev4-3.21.2
- (no CPE)range: < 14.1.1~dev7-4.23.2
- (no CPE)range: < 11.1.5~dev16-4.19.2
- (no CPE)range: < 14.2.1~dev4-3.21.2
- (no CPE)range: < 7.2.1~dev1-4.21.2
- (no CPE)range: < 7.4.2~dev57-3.25.2
- (no CPE)range: < 1.8.2~dev3-3.21.2
- (no CPE)range: < 2.7.1~dev10-3.19.2
- (no CPE)range: < 13.0.8~dev135-6.23.2
- (no CPE)range: < 18.3.1~dev77-3.23.2
- (no CPE)range: < 3.2.3~dev7-4.21.2
- (no CPE)range: < 9.0.2~dev15-3.21.2
- (no CPE)range: < 2.19.2~dev48-2.16.2
Patches
Vulnerability mechanics
References
17- lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.htmlghsavendor-advisoryx_refsource_SUSEWEB
- access.redhat.com/errata/RHSA-2019:1022ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:1237ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:1260ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3964ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:4062ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-hj2j-77xm-mc5vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10745ghsaADVISORY
- usn.ubuntu.com/4011-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4011-2/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yamlghsaWEB
- palletsprojects.com/blog/jinja-281-releasedghsaWEB
- palletsprojects.com/blog/jinja-281-released/mitrex_refsource_MISC
- usn.ubuntu.com/4011-1ghsaWEB
- usn.ubuntu.com/4011-2ghsaWEB
News mentions
0No linked articles in our index yet.