Ignore vuln 70612 in Safety
Vulnerability ID: 70612
CVE: CVE-2019-8341

ADVISORY: In Jinja2, the from_string function is prone to Server Side
Template Injection (SSTI) where it takes the "source" parameter as a
template object, renders it, and then returns it. The attacker can
exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer
and multiple third parties believe that this vulnerability isn't valid
because users shouldn't use untrusted templates without sandboxing.

For more information about this vulnerability, visit
https://data.safetycli.com/v/70612/97c

Signed-off-by: Aurélien Bompard <[email protected]>
abompard committed Jun 24, 2024
1 parent eeca9ce commit 8e91e1c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .pre-commit-config.yaml
@@ -37,3 +37,5 @@ repos:
- id: python-safety-dependencies-check
alias: safety
additional_dependencies: ["poetry"]
args: ["--ignore=70612"]
# 70612: CVE-2019-8341
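Review bot: the comment on the added `args` line records only the identifier mapping (`# 70612: CVE-2019-8341`) and not why the finding is safe to suppress, so a future reader of `.pre-commit-config.yaml` cannot tell whether the ignore is still justified. The commit message carries the rationale (the advisory only applies when untrusted template sources are passed to Jinja2's `from_string` without sandboxing, and the maintainer disputes it); suggest putting that reason, and a date to re-check it, next to the flag, e.g. `# 70612: CVE-2019-8341, Jinja2 from_string SSTI; disputed, only affects untrusted templates (re-check 2025-06)`. Since `--ignore=70612` silences the finding for every future Jinja2 version unconditionally, the comment should also state that this project does not render user-supplied template source, which is the condition the ignore depends on.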
