{"id":"CVE-2014-0012","details":"FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.","aliases":["GHSA-fqh9-2qgg-h84h","PYSEC-2014-82"],"modified":"2026-04-10T03:43:29.085601Z","published":"2014-05-19T14:55:10Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2015:1336-1","openSUSE-SU-2019:0244-1","openSUSE-SU-2024:10129-1","openSUSE-SU-2024:11208-1","openSUSE-SU-2024:13930-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/56328"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60738"},{"type":"EVIDENCE","url":"https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7"},{"type":"FIX","url":"https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7"},{"type":"FIX","url":"https://github.com/mitsuhiko/jinja2/pull/292"},{"type":"FIX","url":"https://github.com/mitsuhiko/jinja2/pull/296"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1051421"},{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q1/73"},{"type":"WEB","url":"http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"}],"schema_version":"1.7.5"}