Jinja2
CVE-2014-0012
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1Blast Radius
ecosystem impact- 2 pypi packages depend on jinja2 (2 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.7.2.
DescriptionCVE.org
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
AnalysisAI
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. Rated medium severity (CVSS 4.4). Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-264. FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. Affected products include: Pocoo Jinja2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Jinja2 2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today