Skip to main content

Jinja2 CVE-2014-0012

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-05-19 secalert@redhat.com
4.4
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 19, 2014 - 14:55 cve.org
MEDIUM 4.4

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on jinja2 (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.7.2.

DescriptionCVE.org

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.

AnalysisAI

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. Rated medium severity (CVSS 4.4). Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-264. FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. Affected products include: Pocoo Jinja2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2014-0012 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy