buruzaemon / natto-py

natto-py combines the Python programming language with MeCab, the part-of-speech and morphological analyzer for the Japanese language.
BSD 2-Clause "Simplified" License

Security vulnerability for Jinja (requirement for documentation generation) #113

Closed buruzaemon closed 4 years ago

buruzaemon commented 4 years ago

CVE-2019-10906 (high severity)
Vulnerable versions: < 2.10.1
Patched version: 2.10.1
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

CVE-2016-10745 (high severity)
Vulnerable versions: < 2.8.1
Patched version: 2.8.1
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
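The two advisories above give their affected ranges as version constraints. The following is an added example, not code from the natto-py project or from the issue author, showing how a maintainer can check a pinned Jinja2 version in a requirements file against those ranges using only the standard library. The advisory IDs and ranges are the ones quoted in the issue; the requirements text is a constructed sample, not the project's own file.

```python
# Added example (not part of natto-py): audit a pinned Jinja2 version against
# the two advisories quoted in the issue. Standard library only.
import re
from typing import List, Optional, Tuple

# Advisory data copied from the issue text above.
JINJA_ADVISORIES = [
    {"id": "CVE-2019-10906", "vulnerable": "< 2.10.1", "patched": "2.10.1"},
    {"id": "CVE-2016-10745", "vulnerable": "< 2.8.1", "patched": "2.8.1"},
]

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.10.1' into (2, 10, 1); a non-numeric component ends the tuple."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_matches(version: str, spec: str) -> bool:
    """True if `version` satisfies every comma-separated clause in `spec`,
    e.g. version_matches('2.9', '>= 2.8.1, < 2.10.1'). Shorter tuples are
    zero-padded so that 2.10 compares as 2.10.0 against 2.10.1."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.match(r"\s*(<=|>=|==|!=|<|>)\s*([\w.]+)\s*$", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        width = max(len(v), len(bound))
        a = v + (0,) * (width - len(v))
        b = bound + (0,) * (width - len(bound))
        if not _OPS[op](a, b):
            return False
    return True


def affected_advisories(installed_version: str, advisories=JINJA_ADVISORIES) -> List[str]:
    """IDs of advisories whose vulnerable range contains `installed_version`."""
    return [adv["id"] for adv in advisories
            if version_matches(installed_version, adv["vulnerable"])]


def pinned_version(requirements_text: str, package: str) -> Optional[str]:
    """Return the '==' pin for `package` in requirements.txt-style text, or None."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.-]+)\s*==\s*([\w.]+)", line)
        if m and m.group(1).lower().replace("_", "-") == package.lower():
            return m.group(2)
    return None


# Constructed sample requirements file; not from the natto-py repository.
SAMPLE_REQUIREMENTS = """\
# docs build dependencies (constructed sample)
Sphinx==1.8.5
Jinja2==2.10
"""


def audit(requirements_text: str = SAMPLE_REQUIREMENTS) -> dict:
    """Report the pinned Jinja2 version and which quoted advisories still apply."""
    ver = pinned_version(requirements_text, "jinja2")
    return {"pinned": ver, "affected": affected_advisories(ver) if ver else []}


if __name__ == "__main__":
    print(audit())  # {'pinned': '2.10', 'affected': ['CVE-2019-10906']}
```

Against the constructed sample, `audit()` reports that a 2.10 pin is still inside the CVE-2019-10906 range while already past CVE-2016-10745; raising the pin to the patched 2.10.1 clears both.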

buruzaemon commented 4 years ago

Resolved in 0.9.1 release.