Jinja2 — CVE history (PyPI)
Jinja2
3 CVEs affect the Jinja2 PyPI package (highest CVSS 5.3). Latest disclosed: 2021-02-01. Full CVE history sourced from NVD.
Summary
- Package: Jinja2 (PyPI)
- Total CVEs: 3
- Actively exploited (CISA KEV): 0
- Highest CVSS: 5.3
- Latest disclosed: 2021-02-01
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2020-28493 | Medium | 5.3 | — | 2021-02-01 | This affects the package jinja2 from 0.0.0 and before 2.11.3. |
| CVE-2014-1402 | — | — | — | 2014-05-19 | The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tm… |
| CVE-2014-0012 | — | — | — | 2014-05-19 | FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2020-28493 | Medium | 5.3 | — | 2021-02-01 | This affects the package jinja2 from 0.0.0 and before 2.11.3. |