{"id":"CVE-2016-10745","details":"In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.","aliases":["GHSA-hj2j-77xm-mc5v","PYSEC-2019-220"],"modified":"2026-03-20T11:05:13.268972Z","published":"2019-04-08T13:29:00.280Z","related":["MGASA-2019-0177","SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2019:1156-1","SUSE-SU-2019:1323-1","SUSE-SU-2019:1554-1","SUSE-SU-2020:3897-1","openSUSE-SU-2019:1395-1","openSUSE-SU-2024:11208-1","openSUSE-SU-2024:13930-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/4011-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4011-2/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4062"},{"type":"ADVISORY","url":"https://palletsprojects.com/blog/jinja-281-released/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1237"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3964"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1022"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1260"},{"type":"FIX","url":"https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pallets/jinja","events":[{"introduced":"0"},{"fixed":"209fd39b2750400d51bf571740fe5ba23008c20e"},{"fixed":"9b53045c34e61013dc8f09b7e52a555fa16bed16"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.8.1"}]}}],"versions":["2.0","2.0rc1","2.1","2.1.1","2.2","2.2.1","2.3","2.3.1","2.4","2.4.1","2.5","2.5.1","2.5.3","2.5.4","2.5.5","2.6","2.7","2.7.1","2.7.2","2.7.3","2.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10745.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}