CVE-2019-8341 - High Severity Vulnerability
Vulnerable Library - Jinja2-2.10-py2.py3-none-any.whl
A small but fast and easy to use stand-alone template engine written in pure python.
path: /tender_samet/requirements.txt
Library home page: https://pypi.python.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl
Dependency Hierarchy:
- :x: **Jinja2-2.10-py2.py3-none-any.whl** (Vulnerable Library)

Vulnerability Details
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.
Publish Date: 2019-02-15
URL: CVE-2019-8341
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High