Data Management / DM-20461

Fix security alert for lander (April 10, 2019)

    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Templates:
    • Story Points: 1.4
    • Team: SQuaRE

      Description

      1 Jinja2 vulnerability found in setup.py on Apr 10

      Remediation

      Upgrade Jinja2 to version 2.10.1 or later. For example:
          install_requires=[ 'Jinja2>=2.10.1' ],
      or…
          extras_require={ '<extra-name>': [ 'Jinja2>=2.10.1' ] },
      Always verify the validity and compatibility of suggestions with your codebase.


      Details

      CVE-2019-10906

      high severity
      Vulnerable versions: < 2.10.1
      Patched version: 2.10.1
      In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

            People

            • Assignee: jsick Jonathan Sick
            • Reporter: jsick Jonathan Sick
            • Watchers: Jonathan Sick