CVE-2014-1402

Published: May 19, 2014Modified: May 6, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.

Affected (19)

Products: Pocoo: Jinja2

1 product

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Pocoo Jinja2	Up to 2.7.1
Pocoo Jinja2	Version 2.0
Pocoo Jinja2	Version 2.0 rc1
Pocoo Jinja2	Version 2.1.1
Pocoo Jinja2	Version 2.1
Pocoo Jinja2	Version 2.2.1
Pocoo Jinja2	Version 2.2
Pocoo Jinja2	Version 2.3.1
Pocoo Jinja2	Version 2.3
Pocoo Jinja2	Version 2.4.1
Pocoo Jinja2	Version 2.4
Pocoo Jinja2	Version 2.5.1
Pocoo Jinja2	Version 2.5.2
Pocoo Jinja2	Version 2.5.3
Pocoo Jinja2	Version 2.5.4
Pocoo Jinja2	Version 2.5.5
Pocoo Jinja2	Version 2.5
Pocoo Jinja2	Version 2.6
Pocoo Jinja2	Version 2.7

Related CWEs

References (34)

http://advisories.mageia.org/MGASA-2014-0028.html

Source: cve@mitre.org

http://jinja.pocoo.org/docs/changelog/

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2014/01/10/2

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2014/01/10/3

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0747.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0748.html

Source: cve@mitre.org

http://secunia.com/advisories/56287

Source: cve@mitre.org

http://secunia.com/advisories/58783

Source: cve@mitre.org

http://secunia.com/advisories/58918

Source: cve@mitre.org

http://secunia.com/advisories/59017

Source: cve@mitre.org

http://secunia.com/advisories/60738

Source: cve@mitre.org

http://secunia.com/advisories/60770

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:096

Source: cve@mitre.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1051421

Source: cve@mitre.org

https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0028.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jinja.pocoo.org/docs/changelog/

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2014/01/10/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2014/01/10/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0747.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0748.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/56287

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/58783

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/58918

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59017

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60738

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60770

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:096

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1051421

Source: af854a3a-2127-422b-91ae-364da2661108

https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.