CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56326 – Jinja has a sandbox breakout through indirect reference to format method
https://notcve.org/view.php?id=CVE-2024-56326
23 Dec 2024 — Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. • https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 • CWE-693: Protection Mechanism Failure CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56201 – Jinja has a sandbox breakout through malicious filenames
https://notcve.org/view.php?id=CVE-2024-56201
23 Dec 2024 — Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where th... • https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34064 – Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
https://notcve.org/view.php?id=CVE-2024-34064
06 May 2024 — Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addres... • https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22195 – Jinja vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22195
11 Jan 2024 — Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.... • https://github.com/pallets/jinja/releases/tag/3.1.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-28493 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2020-28493
01 Feb 2021 — This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. Esto afecta al paquete jinja2 desde versiones 0.0.0 y anteriores a 2.11.3. • https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10745 – python-jinja2: Sandbox escape due to information disclosure via str.format
https://notcve.org/view.php?id=CVE-2016-10745
08 Apr 2019 — In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. En Pallets Jinja versiones anteriores a 2.8.1, str.format permite un scape de sandbox A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity as well as system integrity. Python is an interpreted, interact... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html • CWE-134: Use of Externally-Controlled Format String CWE-138: Improper Neutralization of Special Elements •
CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2019-10906 – python-jinja2: str.format_map allows sandbox escape
https://notcve.org/view.php?id=CVE-2019-10906
06 Apr 2019 — In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. En Pallets Jinja, en versiones anteriores a la 2.10.1, str.format_map permite un escape de sandbox. A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html • CWE-138: Improper Neutralization of Special Elements •