CVE Vulnerabilities

CVE-2014-1402

Published: May 19, 2014 | Modified: Dec 22, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.

Affected Software

Name Vendor Start Version End Version
Jinja2 Pocoo 2.5.3 2.5.3
Jinja2 Pocoo 2.5.4 2.5.4
Jinja2 Pocoo * 2.7.1
Jinja2 Pocoo 2.0 2.0
Jinja2 Pocoo 2.5.1 2.5.1
Jinja2 Pocoo 2.0 2.0
Jinja2 Pocoo 2.4 2.4
Jinja2 Pocoo 2.4.1 2.4.1
Jinja2 Pocoo 2.5 2.5
Jinja2 Pocoo 2.2.1 2.2.1
Jinja2 Pocoo 2.6 2.6
Jinja2 Pocoo 2.1.1 2.1.1
Jinja2 Pocoo 2.7 2.7
Jinja2 Pocoo 2.3.1 2.3.1
Jinja2 Pocoo 2.3 2.3
Jinja2 Pocoo 2.5.2 2.5.2
Jinja2 Pocoo 2.2 2.2
Jinja2 Pocoo 2.5.5 2.5.5
Jinja2 Pocoo 2.1 2.1

References