GLSA Advocate (Joined: 12 May 2004, Posts: 2663)

Posted: Thu Jul 08, 2021 9:26 am
Post subject: [ GLSA 202107-19 ] Jinja
Gentoo Linux Security Advisory
Title: Jinja: Denial of service (GLSA 202107-19)
Severity: low
Exploitable: remote
Date: 2021-07-08
Bug(s): #768300
ID: 202107-19
Synopsis
An inefficient regular expression could be exploited to cause a
Denial of Service condition.
Background
Jinja is a template engine written in pure Python.
Affected Packages
Package: dev-python/jinja
Vulnerable: < 2.11.3
Unaffected: >= 2.11.3
Architectures: All supported architectures
Description
The ‘urlize’ filter in Jinja utilized an inefficient regular
expression that could be exploited to consume excess CPU.
Impact
An attacker could cause a Denial of Service condition via crafted input
to the ‘urlize’ Jinja filter.
Workaround
There is no known workaround at this time.
Resolution
All Jinja users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/jinja-2.11.3"
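As an added example (not part of the advisory or of Gentoo's tooling), a small Python check that evaluates an installed dev-python/jinja version against the Vulnerable and Unaffected ranges given under Affected Packages; the constraint strings are copied from that section, and the sample versions at the bottom are constructed, not a real system inventory. Gentoo `-rN` revisions are handled so that `2.11.3-r1` counts as fixed.

```python
import operator
import re

# Constraints copied verbatim from the advisory's "Affected Packages" section.
VULNERABLE = "< 2.11.3"
UNAFFECTED = ">= 2.11.3"

_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
        ">": operator.gt, ">=": operator.ge}

_VERSION_RE = re.compile(r"([0-9]+(?:\.[0-9]+)*)(?:-r([0-9]+))?")
_CONSTRAINT_RE = re.compile(r"(<=|>=|<|>|=)\s*(\S+)")


def parse_version(text):
    """Turn '2.11.3' or '2.11.3-r1' (Gentoo revision) into a tuple that
    compares numerically, so 2.11.10 sorts after 2.11.3 (a plain string
    compare would get this wrong)."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    revision = int(m.group(2) or 0)
    return numbers, revision


def satisfies(version, constraint):
    """True if `version` meets a GLSA-style constraint such as '>= 2.11.3'."""
    m = _CONSTRAINT_RE.fullmatch(constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, bound = m.group(1), parse_version(m.group(2))
    return _OPS[op](parse_version(version), bound)


def is_vulnerable(installed):
    """Apply both ranges: a version is affected only if it falls inside the
    Vulnerable range and outside the Unaffected range."""
    return satisfies(installed, VULNERABLE) and not satisfies(installed, UNAFFECTED)


if __name__ == "__main__":
    # Constructed sample versions, not a real system inventory.
    for v in ["2.10.1", "2.11.2-r3", "2.11.3", "2.11.3-r1", "2.11.10", "3.0.1"]:
        print(f"dev-python/jinja-{v}: {'VULNERABLE' if is_vulnerable(v) else 'ok'}")
```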
References
CVE-2020-28493
Last edited by GLSA on Sat Jan 22, 2022 4:39 am; edited 2 times in total