Date: Fri, 10 Jan 2014 15:27:15 +0530 From: Ratul Gupta <ratulg@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: python-jinja2: arbitrary code execution vulnerability Hello, Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like 'FileSystemBytecodeCache' are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user. PoC is given on the debian page: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 https://bugzilla.redhat.com/show_bug.cgi?id=1051421 Can a CVE please be assigned to this issue? -- Regards, Ratul Gupta / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ