What is CVE-2014-0012?

CVE-2014-0012 is a vulnerability in Pocoo Jinja2, classified under CWE-264. Published 2014-05-19.

Is CVE-2014-0012 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pocoo Jinja2

CVE-2014-0012

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an inc…

EPSS: 0.001 (27.5th percentile) — read the EPSS interpretation.

Affected products

Pocoo Jinja2 — versions 2.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_MISC)
56328 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_MISC)
60738 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (Exploit, Patch, x_refsource_MISC)
secalert@redhat.com (x_refsource_MISC)
GLSA-201408-13 (vendor-advisory, x_refsource_GENTOO)
[oss-security] 20140110 CVE assignment for jinja2 (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-0012?: CVE-2014-0012 is a vulnerability in Pocoo Jinja2, classified under CWE-264. Published 2014-05-19.
Is CVE-2014-0012 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.