-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPythonMiggo AIRoot Cause AnalysisThe vulnerability arises from two key functions. First, the init method of FileSystemBytecodeCache initially used the insecure system temp directory. The fix in 2.7.2 introduced _get_default_cache_dir to create user-specific directories but failed to validate existing directories' ownership and permissions, leading to CVE-2014-0012. Both functions contributed to insecure temporary file handling, allowing local privilege escalation by pre-creating directories with predictable names and insufficient access controls.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Jinja2 | pip | < 2.7.2 | 2.7.2 |
Ongoing coverage of React2Shell