Back to search
CVE-2014-1402
Published: May 19, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[El-errata] 20140611 Oracle Linux Security Advisory ELSA-2014-0747
mailing-list
x_refsource_MLIST
[oss-security] 20140110 Re: CVE Request: python-jinja2: arbitrary code execution vulnerability
mailing-list
x_refsource_MLIST
59017
third-party-advisory
x_refsource_SECUNIA
56287
third-party-advisory
x_refsource_SECUNIA
MDVSA-2014:096
vendor-advisory
x_refsource_MANDRIVA
58783
third-party-advisory
x_refsource_SECUNIA
58918
third-party-advisory
x_refsource_SECUNIA
60738
third-party-advisory
x_refsource_SECUNIA
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
x_refsource_CONFIRM
60770
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:0747
vendor-advisory
x_refsource_REDHAT
http://jinja.pocoo.org/docs/changelog/
x_refsource_CONFIRM
GLSA-201408-13
vendor-advisory
x_refsource_GENTOO
[oss-security] 20140110 CVE Request: python-jinja2: arbitrary code execution vulnerability
mailing-list
x_refsource_MLIST
http://advisories.mageia.org/MGASA-2014-0028.html
x_refsource_CONFIRM
RHSA-2014:0748
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now