fabric8-analytics / fabric8-analytics-stack-analysis

GNU General Public License v3.0

Fix CVE by updating the Jinja2 library #248

Open tisnik opened 5 years ago

tisnik commented 5 years ago

Additional information about CVE:

CVE-2019-10906
high severity
Vulnerable versions: < 2.10.1
Patched version: 2.10.1

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
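Added example, not part of the issue or of the project's code: a dependency check that flags any Jinja2 requirement still permitting a release below the patched version 2.10.1 named above. The sample requirements text is constructed for illustration, and the function names are hypothetical.

```python
import re

PATCHED = (2, 10, 1)  # from the advisory: vulnerable < 2.10.1, patched in 2.10.1
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
SPEC_RE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")

SAMPLE = """\
# constructed sample, not the repository's real requirements file
flask==1.0.2
Jinja2==2.10
jinja2>=2.9.6,<3.0
JINJA2==2.10.1
jinja2~=2.11
jinja2
"""


def parse_version(text):
    """Turn '2.10' into (2, 10, 0) so releases compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def normalize(name):
    """PEP 503 name normalization: 'Jinja2' and 'jinja2' are the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def allows_vulnerable(specifiers):
    """True if no ==, ===, ~= or >= bound is at or above PATCHED (strict '>' is ignored)."""
    lower_bounds = [parse_version(v) for op, v in specifiers if op in ("==", "===", "~=", ">=")]
    return not lower_bounds or max(lower_bounds) < PATCHED


def audit(requirements_text):
    """Return (line_number, line) for every Jinja2 requirement that permits < 2.10.1."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        match = REQ_RE.match(line)
        if not line or line.startswith("-") or not match:
            continue
        name, spec_text = match.groups()
        if normalize(name) == "jinja2" and allows_vulnerable(SPEC_RE.findall(spec_text)):
            findings.append((number, line))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An unpinned `jinja2` line is reported as well, because nothing in it prevents the resolver from installing a release older than 2.10.1.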