search

fabric8-analytics / fabric8-analytics-license-analysis

License Analysis
GNU General Public License v3.0
6 stars 25 forks source link

Fix CVE by updating Jinja2 library #179

Open tisnik opened 5 years ago

tisnik commented 5 years ago

Additional information about CVE:

CVE-2019-10906
More information
high severity
Vulnerable versions: < 2.10.1
Patched version: 2.10.1

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2016-10745
More information
high severity
Vulnerable versions: < 2.8.1
Patched version: 2.8.1

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.