PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Github ALERT: Jinja2 vulnerability found in requirements.txt #82

Closed punisherVX closed 5 years ago

punisherVX commented 5 years ago

From GitHub Alerts: Jinja2 vulnerability found in requirements.txt

Remediation

Upgrade Jinja2 to version 2.10.1 or later.

For example:

Jinja2>=2.10.1

Details

CVE-2019-10906, high severity

Vulnerable versions: < 2.10.1

Patched version: 2.10.1

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

zube[bot] commented 5 years ago

sdndude said: Updated requirements.txt to recommended remediation.

Fixed in 5026979
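A way to check that a requirements file actually rules out the versions named in the alert, added here as an example and not part of the issue thread or the SafeNetworking code base. The function names and the sample file content are constructed for illustration; the check is conservative and treats any Jinja2 line whose lower bound is missing or below 2.10.1 as a finding.

```python
import re

PATCHED = (2, 10, 1)  # first fixed Jinja2 release named in the alert

# Constructed sample requirements.txt content (not the project's real file).
SAMPLE = """\
# web stack
Flask==1.0.2
Jinja2==2.10        # exact pin below the fix
jinja2>=2.9,<3.0    # range still admits 2.9.x and 2.10
Jinja2
Jinja2>=2.10.1
Jinja2~=2.11.0 ; python_version >= "3.6"
"""

def vtuple(text):
    """'2.10' -> (2, 10, 0). Numeric compare, so 2.10.1 sorts after 2.9."""
    nums = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(text):
    """Return (line_no, requirement, floor) for Jinja2 lines that admit < 2.10.1."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments and environment markers before parsing.
        req = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$", req)
        # Package names are case-insensitive: Jinja2 and jinja2 are the same.
        if not m or m.group(1).lower() != "jinja2":
            continue
        # Only ==, ~=, >= and > set a lower bound; <, <= and != do not.
        lows = [vtuple(v) for _, v in
                re.findall(r"(==|~=|>=|>)\s*(\d[\w.*]*)", m.group(2))]
        floor = max(lows) if lows else None
        # Conservative: flag when no lower bound reaches the patched release.
        if floor is None or floor < PATCHED:
            findings.append((n, req, floor))
    return findings

if __name__ == "__main__":
    for n, req, floor in audit(SAMPLE):
        why = "no lower bound" if floor is None else "lower bound %s" % ".".join(map(str, floor))
        print("line %d: %s (%s, below 2.10.1)" % (n, req, why))
```

Comparing versions as integer tuples matters here: as plain strings, "2.9" sorts after "2.10.1" and a `>=2.9` range would look newer than the fix.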