Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1kbp-vb7t-cqdw
Vulnerability ID VCID-1kbp-vb7t-cqdw
Aliases CVE-2014-1402
GHSA-8r7q-cvjq-x353
PYSEC-2014-8
Summary The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-266 Incorrect Privilege Assignment
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-377 Insecure Temporary File
System Score Found at
cvssv3.1 8.4 http://advisories.mageia.org/MGASA-2014-0028.html
cvssv4 8.6 http://advisories.mageia.org/MGASA-2014-0028.html
generic_textual HIGH http://advisories.mageia.org/MGASA-2014-0028.html
cvssv3.1 8.4 http://jinja.pocoo.org/docs/changelog
cvssv4 8.6 http://jinja.pocoo.org/docs/changelog
generic_textual HIGH http://jinja.pocoo.org/docs/changelog
cvssv3.1 8.4 http://openwall.com/lists/oss-security/2014/01/10/2
cvssv4 8.6 http://openwall.com/lists/oss-security/2014/01/10/2
generic_textual HIGH http://openwall.com/lists/oss-security/2014/01/10/2
cvssv3.1 8.4 http://openwall.com/lists/oss-security/2014/01/10/3
cvssv4 8.6 http://openwall.com/lists/oss-security/2014/01/10/3
generic_textual HIGH http://openwall.com/lists/oss-security/2014/01/10/3
cvssv3.1 8.4 http://rhn.redhat.com/errata/RHSA-2014-0747.html
cvssv4 8.6 http://rhn.redhat.com/errata/RHSA-2014-0747.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0747.html
cvssv3.1 8.4 http://rhn.redhat.com/errata/RHSA-2014-0748.html
cvssv4 8.6 http://rhn.redhat.com/errata/RHSA-2014-0748.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0748.html
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2014-1402
cvssv3.1 8.4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
cvssv4 8.6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
generic_textual HIGH https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
cvssv3.1 8.4 https://bugzilla.redhat.com/show_bug.cgi?id=1051421
cvssv4 8.6 https://bugzilla.redhat.com/show_bug.cgi?id=1051421
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1051421
cvssv3.1 8.4 https://github.com/advisories/GHSA-8r7q-cvjq-x353
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-8r7q-cvjq-x353
cvssv4 8.6 https://github.com/advisories/GHSA-8r7q-cvjq-x353
generic_textual HIGH https://github.com/advisories/GHSA-8r7q-cvjq-x353
cvssv3.1 8.4 https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
cvssv4 8.6 https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
cvssv3.1 8.4 https://nvd.nist.gov/vuln/detail/CVE-2014-1402
cvssv4 8.6 https://nvd.nist.gov/vuln/detail/CVE-2014-1402
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-1402
cvssv3.1 8.4 https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
cvssv4 8.6 https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
generic_textual HIGH https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
cvssv3.1 8.4 https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
cvssv4 8.6 https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
generic_textual HIGH https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
cvssv3.1 8.4 http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
cvssv4 8.6 http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
generic_textual HIGH http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2014-0028.html
http://jinja.pocoo.org/docs/changelog
http://jinja.pocoo.org/docs/changelog/
http://openwall.com/lists/oss-security/2014/01/10/2
http://openwall.com/lists/oss-security/2014/01/10/3
http://rhn.redhat.com/errata/RHSA-2014-0747.html
http://rhn.redhat.com/errata/RHSA-2014-0748.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1402.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1402
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1402
http://secunia.com/advisories/56287
http://secunia.com/advisories/58783
http://secunia.com/advisories/58918
http://secunia.com/advisories/59017
http://secunia.com/advisories/60738
http://secunia.com/advisories/60770
https://github.com/advisories/GHSA-8r7q-cvjq-x353
https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
CVE-2014-1402 https://nvd.nist.gov/vuln/detail/CVE-2014-1402
GLSA-201408-13 https://security.gentoo.org/glsa/201408-13
RHSA-2014:0747 https://access.redhat.com/errata/RHSA-2014:0747
RHSA-2014:0748 https://access.redhat.com/errata/RHSA-2014:0748
USN-2301-1 https://usn.ubuntu.com/2301-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://advisories.mageia.org/MGASA-2014-0028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://advisories.mageia.org/MGASA-2014-0028.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://jinja.pocoo.org/docs/changelog
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://jinja.pocoo.org/docs/changelog
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2014/01/10/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://openwall.com/lists/oss-security/2014/01/10/2
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2014/01/10/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://openwall.com/lists/oss-security/2014/01/10/3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2014-0747.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://rhn.redhat.com/errata/RHSA-2014-0747.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2014-0748.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://rhn.redhat.com/errata/RHSA-2014-0748.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1051421
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1051421
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-8r7q-cvjq-x353
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/advisories/GHSA-8r7q-cvjq-x353
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2014-1402
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-1402
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.26716
EPSS Score 0.00096
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:41:01.787246+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2014-8.yaml 38.0.0