Is CVE-2020-28493 actively exploited?

CVE-2020-28493 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-28493?

CVE-2020-28493 has a CVSS score of 5.3 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

How do I patch CVE-2020-28493?

Patch guidance is available from palletsprojects security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-28493.

CVE-2020-28493 - remediation guidance & executive summary

Q: Which products are affected by CVE-2020-28493?

2 products: palletsprojects jinja, fedoraproject fedora.

Description

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
Weaknesses: CWE-400

Metadata

Primary Vendor: PALLETSPROJECTS
Published: 2/1/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

palletsprojects : jinjafedoraproject : fedora

Remediation Guidance

Executive Summary

Cite this page

CVE-2020-28493. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2020-28493

View on NIST NVD

CVE-2020-28493 vulnerability