
Commit

Latest data: Fri Jan 10 08:06:41 UTC 2025
github.actions committed Jan 10, 2025
1 parent decb84e commit a87ee68
Showing 22 changed files with 114 additions and 54 deletions.
6 changes: 5 additions & 1 deletion audits/aider-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/ansible-lint-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/certsync-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/charmcraft-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/gdbgui-requirements.audit.json
Expand Up @@ -286,8 +286,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -682,8 +684,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/gi-docgen-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/harlequin-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/libplacebo-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/litani-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/mentat-requirements.audit.json
Expand Up @@ -390,8 +390,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -786,8 +788,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/organize-tool-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
6 changes: 5 additions & 1 deletion audits/pytorch-requirements.audit.json
Expand Up @@ -24,8 +24,10 @@
"CGA-gvvw-7w3r-7m54",
"CGA-h79h-32w2-7vmp",
"CGA-jjj9-fv4h-c9cv",
"CGA-jr6g-xxjr-rgc8",
"CGA-mvqg-6j62-4pjm",
"CGA-vj5f-6mc5-q329",
"CGA-w9xc-2j9j-8rrv",
"CGA-whf8-42p9-686q"
],
"summary": "Jinja has a sandbox breakout through malicious filenames",
Expand Down Expand Up @@ -129,8 +131,10 @@
"CGA-f7wq-crqm-v76f",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr",
"CGA-hvm4-vp8w-6q8r",
"CGA-p9v5-jpj2-q3ww",
"CGA-rx48-pgcw-gx64"
"CGA-rx48-pgcw-gx64",
"CGA-w2xv-8gr2-xp8m"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",