Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-22195

Опубликовано: 11 янв. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.4

Описание

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

released

3.1.2-1ubuntu1
esm-infra-legacy/trusty

not-affected

2.7.2-2ubuntu0.1~esm2
esm-infra/bionic

released

2.10-1ubuntu0.18.04.1+esm1
esm-infra/focal

not-affected

2.10.1-2ubuntu0.2
esm-infra/xenial

released

2.8-1ubuntu0.1+esm2
focal

released

2.10.1-2ubuntu0.2
jammy

released

3.0.3-1ubuntu0.1
lunar

ignored

end of life
mantic

released

3.1.2-1ubuntu0.23.10.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 27%
0.00093
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-22195

CVSS3: 5.4
redhat
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

nvd логотип

CVE-2024-22195

CVSS3: 5.4
nvd
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

msrc логотип

CVE-2024-22195

CVSS3: 6.1
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-22195

CVSS3: 5.4
debian
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the ...

rocky логотип

RLSA-2024:3102

rocky
около 1 года назад

Moderate: python-jinja2 security update

EPSS

Процентиль: 27%
0.00093
Низкий

5.4 Medium

CVSS3