Incorrect Privilege Assignment in Jinja2
Moderate severity
GitHub Reviewed
Published May 14, 2022 to the GitHub Advisory Database. Updated Feb 23, 2024.
Published by the National Vulnerability Database: May 19, 2014
Published to the GitHub Advisory Database: May 14, 2022
Reviewed: Jul 7, 2022
Last updated: Feb 23, 2024
Description
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.
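A mitigation sketch for applications that cannot rely on the default cache location: pass FileSystemBytecodeCache an explicit directory that only the running user can access. This is an added example, not code from the advisory or from the Jinja2 project; the helper names `is_safe_cache_dir`, `private_cache_dir` and `make_environment` are hypothetical, and a POSIX system is assumed.

```python
import os
import stat


def is_safe_cache_dir(path, uid=None):
    """True only for a real directory owned by uid with no group/other access."""
    uid = os.getuid() if uid is None else uid
    try:
        # lstat, not stat: a symlink planted by another user must not be followed.
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (
        stat.S_ISDIR(st.st_mode)
        and st.st_uid == uid
        and stat.S_IMODE(st.st_mode) & 0o077 == 0
    )


def private_cache_dir(base, name="jinja2-bytecode"):
    """Create or reuse a 0700 directory under base; refuse anything unsafe."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may pre-exist, possibly created by someone else: verified below
    if not is_safe_cache_dir(path):
        raise PermissionError(f"refusing to use bytecode cache dir {path!r}")
    return path


def make_environment(template_dir, cache_base):
    """Build an Environment whose bytecode cache lives in a private directory."""
    # Imported lazily so the directory checks above work without Jinja2 installed.
    from jinja2 import Environment, FileSystemBytecodeCache, FileSystemLoader

    cache = FileSystemBytecodeCache(directory=private_cache_dir(cache_base))
    return Environment(loader=FileSystemLoader(template_dir), bytecode_cache=cache)
```

Choose a `cache_base` outside world-writable locations such as /tmp, for example a directory under the service account's home.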