Date: Fri, 10 Jan 2014 15:27:15 +0530 From: Ratul Gupta <ratulg@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: python-jinja2: arbitrary code execution vulnerability Hello, Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like 'FileSystemBytecodeCache' are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user. PoC is given on the debian page: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 https://bugzilla.redhat.com/show_bug.cgi?id=1051421 Can a CVE please be assigned to this issue? -- Regards, Ratul Gupta / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.