Safety CI > cookiecutter/cookiecutter-django

master

2 months, 3 weeks ago

b7fc1973

Pin watchdog to 4.0.2 (#5335) Watchdog 5.0.0 was recently released. This update causes Werkzeug to

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

ede7c843

Release 2024.09.02

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

b30af679

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

update/pre-commit-autoupdate

2 months, 3 weeks ago

6cd2f5ac

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

aa1f8a80

Update django-allauth from 64.1.0 to 64.2.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

c9e76935

Update pytest-django from 4.8.0 to 4.9.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-pytest-django-4.8.0-to-4.9.0

2 months, 3 weeks ago

142c4683

Update pytest-django from 4.8.0 to 4.9.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-django-allauth-64.1.0-to-64.2.0

2 months, 3 weeks ago

39717d3c

Update django-allauth from 64.1.0 to 64.2.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

update/pre-commit-autoupdate

2 months, 3 weeks ago

8b2d4265

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

e443763e

Release 2024.08.30

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 3 weeks ago

f3c0b399

Update django-webpack-loader from 3.1.0 to 3.1.1 (#5336)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-django-webpack-loader-3.1.0-to-3.1.1

2 months, 3 weeks ago

bf81f875

Update django-webpack-loader from 3.1.0 to 3.1.1

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

update/pre-commit-autoupdate

2 months, 4 weeks ago

978f2880

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 4 weeks ago

5a53905f

Release 2024.08.29

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

2 months, 4 weeks ago

b1bfcfe1

Update ruff to 0.6.3 (#5333)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.