cpe:/a:palletsprojects:jinja:2.8.1 cpe:/o:fedoraproject:fedora:28 cpe:/o:fedoraproject:fedora:29 cpe:/o:fedoraproject:fedora:30 CVE-2019-10906 2019-04-06T20:29:00.213-04:00 2019-06-06T12:29:00.497-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov FEDORA FEDORA-2019-04a42e480b FEDORA FEDORA-2019-4f978cacb4 FEDORA FEDORA-2019-e41e19457b REDHAT RHSA-2019:1152 REDHAT RHSA-2019:1237 REDHAT RHSA-2019:1329 UBUNTU USN-4011-1 UBUNTU USN-4011-2 MLIST [airflow-commits] 20190410 [GitHub] [airflow] XD-DENG commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [airflow-commits] 20190410 [GitHub] [airflow] XD-DENG opened a new pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [airflow-commits] 20190410 [GitHub] [airflow] ashb commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [airflow-commits] 20190410 [GitHub] [airflow] ashb merged pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [infra-devnull] 20190410 [GitHub] [airflow] XD-DENG commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [infra-devnull] 20190410 [GitHub] [airflow] XD-DENG opened pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [infra-devnull] 20190410 [GitHub] [airflow] ashb closed pull request #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MLIST [infra-devnull] 20190410 [GitHub] [airflow] ashb commented on issue #5075: [AIRFLOW-XXX] Change allowed version of Jinja2 to fix CVE-2019-10906 MISC https://palletsprojects.com/blog/jinja-2-10-1-released SUSE openSUSE-SU-2019:1395 SUSE openSUSE-SU-2019:1614 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.