← Back

Pocoo

pocoo

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Jinja2
jinja2
3 CVEs
Babel
babel
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-42771
2Debian
Pocoo
2Babel
Debian Linux
Nov 21, 2024
Oct 20, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
CVE-2019-8341
2Opensuse
Pocoo
2Jinja2
Leap
Nov 21, 2024
Feb 15, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker...Show more
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxingShow less
CVE-2014-1402
1Pocoo
1Jinja2
May 6, 2026
May 19, 2014
N/A· v4
N/A· v3
4.4 MEDIUM· v2
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting wi...Show more
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.Show less
CVE-2014-0012
1Pocoo
1Jinja2
May 6, 2026
May 19, 2014
N/A· v4
N/A· v3
4.4 MEDIUM· v2
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exist...Show more
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.Show less