Skip to content

Commit

Permalink
Latest data: Mon Jan 6 08:09:05 UTC 2025
Browse files Browse the repository at this point in the history
  • Loading branch information
github.actions committed Jan 6, 2025
1 parent 5bc7899 commit bc6d6c7
Show file tree
Hide file tree
Showing 21 changed files with 112 additions and 42 deletions.
4 changes: 3 additions & 1 deletion audits/aider-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/ansible-lint-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/certsync-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/charmcraft-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/gdbgui-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -714,7 +715,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/gi-docgen-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/harlequin-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/libplacebo-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/litani-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/mentat-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -385,6 +385,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -818,7 +819,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/organize-tool-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/pytorch-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/recon-ng-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
4 changes: 3 additions & 1 deletion audits/sail-requirements.audit.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-9x7g-9rfp-4xhm",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -161,7 +162,8 @@
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
"CGA-h3v9-xgx5-mrgr",
"CGA-p9v5-jpj2-q3ww"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down
Loading

0 comments on commit bc6d6c7

Please sign in to comment.