What is CVE-2014-1402?

CVE-2014-1402 is a vulnerability in Pocoo Jinja2, classified under CWE-264. Published 2014-05-19.

Is CVE-2014-1402 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pocoo Jinja2

CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tm…

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

Affected products

Pocoo Jinja2 — versions 2.0, 2.1, 2.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

[El-errata] 20140611 Oracle Linux Security Advisory ELSA-2014-0747 (mailing-list, x_refsource_MLIST)
[oss-security] 20140110 Re: CVE Request: python-jinja2: arbitrary code execution vulnerability (mailing-list, x_refsource_MLIST)
59017 (x_refsource_SECUNIA, third-party-advisory)
56287 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2014:096 (vendor-advisory, x_refsource_MANDRIVA)
58783 (x_refsource_SECUNIA, third-party-advisory)
58918 (x_refsource_SECUNIA, third-party-advisory)
60738 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-1402?: CVE-2014-1402 is a vulnerability in Pocoo Jinja2, classified under CWE-264. Published 2014-05-19.
Is CVE-2014-1402 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.