Safety CI > cookiecutter/cookiecutter-django

master

3 months ago

e90704fd

Remove unnecessary --dry-run flag (#5323)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

44ef8251

Update pygithub from 2.3.0 to 2.4.0 (#5326)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

31bfe6de

Update Contributors

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

2a6d2cc2

Check DB migrations in GitHub CI (#5322)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-pygithub-2.3.0-to-2.4.0

3 months ago

be29fb4b

Update pygithub from 2.3.0 to 2.4.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

6e1bab9d

Update mypy from 1.11.1 to 1.11.2 (#5320)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-mypy-1.11.1-to-1.11.2

3 months ago

48df85ee

Update mypy from 1.11.1 to 1.11.2

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

f947c612

Release 2024.08.23

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

1bbe30c9

Update werkzeug from 3.0.3 to 3.0.4 (#5313)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

e869ad8e

Update ruff to 0.6.2 (#5316)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-ruff-0.6.1-to-0.6.2

3 months ago

713622c3

Merge branch 'master' into pyup-update-ruff-0.6.1-to-0.6.2

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

pyup-update-ruff-0.6.1-to-0.6.2

3 months ago

791c2257

Auto-update ruff pre-commit hook (#5317)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

update/pre-commit-autoupdate

3 months ago

adb62dae

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

4bbc2a7f

Release 2024.08.22

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

master

3 months ago

9b0ce11d

Update django-celery-beat from 2.6.0 to 2.7.0

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info
jinja2	3.1.4	>=0	show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

Package

Installed

Affected

Info

jinja2

3.1.4

>=0

show

In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.