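Vulnerability Details
Pallets Jinja Security Vulnerability
Vulnerability Summary
Pallets Jinja is a template engine written in Python.
jinja2 from 0.0.0 and before 2.11.3 contains a security vulnerability caused by a ReDoS (regular expression denial of service) flaw in a regex.
Vulnerability Advisory
The vendor has released an upgrade that fixes the vulnerability. The patch is available at: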
https://github.com/pallets/jinja/releases/tag/2.11.3
References
Source: MISC
Link: https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
Source: MISC
Link: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
Source: MISC
Link: https://github.com/pallets/jinja/pull/1343
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0718
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164874/Red-Hat-Security-Advisory-2021-4151-06.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/165096/Red-Hat-Security-Advisory-2021-4845-05.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Python-Jinja-overload-via-Regular-Expression-34693
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3824
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0741
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2904
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.4019
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163446/Gentoo-Linux-Security-Advisory-202107-19.html
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6507113
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3820
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021070801
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-28493
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163941/Red-Hat-Security-Advisory-2021-3254-01.html
Affected Entities
None at this time
Patches
- Remediation for the Pallets Jinja security vulnerability<!--2021-2-1-->