VYPR
Medium severity5.3NVD Advisory· Published Feb 1, 2021· Updated Jun 17, 2026

CVE-2020-28493

CVE-2020-28493

Description

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Jinja2PyPI
< 2.11.32.11.3

Affected products

124

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.