VDB
ALPINE-CVE-2020-28493
ALPINE-CVE-2020-28493
PUBLISHED
CVSS 5.300000190734863 MEDIUM
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.16 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.22 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.14 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.17 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.15 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.21 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.20 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.23 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.19 | py3-jinja2 | 0, 0, 0 |
| Alpine:v3.18 | py3-jinja2 | 0, 0, 0 |
Timeline
- Feb 1, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch