fossasia / meilix-generator

WebApp for generating a custom ISO image based on Meilix http://meilix.org
GNU Lesser General Public License v3.0

Vulnerability alert | Update dependency #440

Closed abishekvashok closed 5 years ago

abishekvashok commented 5 years ago

I'm submitting a ... (check one with "x")

Jinja2 vulnerability found in requirements.txt

Remediation: Upgrade Jinja2 to version 2.10.1 or later. For example:

Jinja2>=2.10.1

Details: CVE-2019-10906 https://nvd.nist.gov/vuln/detail/CVE-2019-10906

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
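A check for the remediation requested above, as an added example that is not part of the original issue or the project's code: it scans requirements text for Jinja2 entries that can still resolve below 2.10.1. The sample input, the function names and the choice to report unpinned entries are assumptions, and only plain numeric versions are parsed.

```python
import re

FIXED = (2, 10, 1)  # first fixed Jinja2 release named in the issue (CVE-2019-10906)

# Constructed sample input, not the project's real requirements.txt.
SAMPLE = """\
Flask==1.0.2
Jinja2==2.10
jinja2>=2.8,<3
Jinja2
Jinja2>=2.10.1
"""

def parse_version(text):
    """'2.10' -> (2, 10, 0). Only plain numeric releases are handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def lowest_allowed(spec):
    """Lowest version the specifier admits, or None when it sets no floor."""
    floor = None
    for op, ver in re.findall(r"(==|>=|~=|>)\s*(\d+(?:\.\d+)*)", spec):
        v = parse_version(ver)
        if op == ">":  # strictly greater: approximate with the next patch release
            v = v[:2] + (v[2] + 1,)
        floor = v if floor is None else max(floor, v)
    return floor

def audit(requirements_text, package="jinja2"):
    """Return (line_no, entry, reason) for entries that can resolve below FIXED."""
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;]*)", entry)
        # Package names compare case-insensitively with -, _ and . equivalent.
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != package:
            continue
        floor = lowest_allowed(m.group(2))
        if floor is None:  # unpinned: an old installed copy still satisfies it
            findings.append((no, entry, "no lower bound"))
        elif floor < FIXED:
            findings.append((no, entry, "allows " + ".".join(map(str, floor))))
    return findings

if __name__ == "__main__":
    for no, entry, reason in audit(SAMPLE):
        print("line %d: %s (%s)" % (no, entry, reason))
```

An upper bound such as `<3` does not help here; only a floor at or above 2.10.1 keeps the affected releases out.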

tabesin commented 5 years ago

Fixed. Generally just fix this, no need to file a bug.