Commit
Vulnerability ID: 70612
CVE: CVE-2019-8341
ADVISORY: In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. For more information about this vulnerability, visit https://data.safetycli.com/v/70612/97c

Signed-off-by: Aurélien Bompard <[email protected]>
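The distinction the advisory and the maintainer's note turn on, as an added example that is not part of this commit or of the project's code: untrusted text compiled as template source by `from_string`, the same text passed as data to a fixed template, and the same text compiled in `SandboxedEnvironment`. It assumes Jinja2 is installed; `AppConfig`, the `render_*` helpers and the probe strings are constructed for illustration.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


class AppConfig:
    """Constructed stand-in for an object a view puts in the template context."""

    def __init__(self):
        self.site_name = "demo"
        self._api_key = "constructed-secret"  # private by naming convention


def render_as_source(user_text):
    """Pattern from the advisory: untrusted text is compiled as template source."""
    template = Environment().from_string("Hello " + user_text)
    return template.render(cfg=AppConfig())


def render_as_data(user_text):
    """Fixed template; untrusted text is only a value and is never parsed."""
    template = Environment(autoescape=True).from_string("Hello {{ name }}")
    return template.render(name=user_text, cfg=AppConfig())


def render_sandboxed(user_text):
    """User-supplied templates: compile in the sandbox, reject on violation."""
    template = SandboxedEnvironment().from_string("Hello " + user_text)
    try:
        return template.render(cfg=AppConfig())
    except SecurityError:
        return "rejected"


if __name__ == "__main__":
    # Constructed probes standing in for text taken from a URI parameter.
    for probe in ("{{ 7 * 7 }}", "{{ cfg.site_name }}", "{{ cfg._api_key }}"):
        print(repr(probe))
        print("  as source:", render_as_source(probe))
        print("  as data:  ", render_as_data(probe))
        print("  sandboxed:", render_sandboxed(probe))
```

The sandbox still evaluates expressions such as `7 * 7`; it restricts which attributes and callables a template can reach, so the fixed-template form remains the one to use whenever users do not need to author templates.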