The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jinja2 | Pocoo | 2.5.3 | 2.5.3 |
Jinja2 | Pocoo | 2.5.4 | 2.5.4 |
Jinja2 | Pocoo | * | 2.7.1 |
Jinja2 | Pocoo | 2.0 | 2.0 |
Jinja2 | Pocoo | 2.5.1 | 2.5.1 |
Jinja2 | Pocoo | 2.0 | 2.0 |
Jinja2 | Pocoo | 2.4 | 2.4 |
Jinja2 | Pocoo | 2.4.1 | 2.4.1 |
Jinja2 | Pocoo | 2.5 | 2.5 |
Jinja2 | Pocoo | 2.2.1 | 2.2.1 |
Jinja2 | Pocoo | 2.6 | 2.6 |
Jinja2 | Pocoo | 2.1.1 | 2.1.1 |
Jinja2 | Pocoo | 2.7 | 2.7 |
Jinja2 | Pocoo | 2.3.1 | 2.3.1 |
Jinja2 | Pocoo | 2.3 | 2.3 |
Jinja2 | Pocoo | 2.5.2 | 2.5.2 |
Jinja2 | Pocoo | 2.2 | 2.2 |
Jinja2 | Pocoo | 2.5.5 | 2.5.5 |
Jinja2 | Pocoo | 2.1 | 2.1 |