vulnerability

Debian: CVE-2020-28493: jinja2 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Feb 1, 2021	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Feb 1, 2021

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

Solution

debian-upgrade-jinja2

References

CVE-2020-28493
https://attackerkb.com/topics/CVE-2020-28493
CWE-400
EUVD-EUVD-2021-0103
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-0103

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report