rpm package
opensuse/python-Mako&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-Mako&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41205 | High | 7.5 | | < 1.3.11-1.1 | 1.3.11-1.1 | Apr 23, 2026 | Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable |
| CVE-2022-40023 | — | | | < 1.3.0-2.1 | 1.3.0-2.1 | Sep 7, 2022 | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. |