templated-dictionary@1.2 vulnerabilities
Dictionary with Jinja2 expansion
-
latest version
1.2
-
first published
4 years ago
-
latest version published
2 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the templated-dictionary package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
templated-dictionary is a Dictionary with Jinja2 expansion Affected versions of this package are vulnerable to Improper Input Validation due to the lack of sandboxing when expanding and executing Jinja2 templates that may be included in some configuration parameters. A user who can control configuration tags can achieve privilege escalation and execute arbitrary code as the build system's user (potentially including root) by defining configuration tags that will be passed to How to fix Improper Input Validation? A fix was pushed into the |
[0,)
|