Количество 17
Количество 17
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
CVE-2024-22195
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the ...
RLSA-2024:3102
Moderate: python-jinja2 security update
GHSA-h5c8-rqwp-cp95
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
ELSA-2024-3102
ELSA-2024-3102: python-jinja2 security update (MODERATE)
ELSA-2024-2348
ELSA-2024-2348: python-jinja2 security update (MODERATE)
BDU:2024-00884
Уязвимость фильтра xmlattr шаблонизатора Jinja2 для языка программирования Python, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
SUSE-SU-2024:1864-1
Security update for python-Jinja2
SUSE-SU-2024:1863-1
Security update for python-Jinja2
ROS-20240902-04
Уязвимость python3-jinja2
RLSA-2024:2968
Moderate: fence-agents security and bug fix update
ELSA-2024-2968
ELSA-2024-2968: fence-agents security and bug fix update (MODERATE)
ELSA-2024-2132
ELSA-2024-2132: fence-agents security and bug fix update (MODERATE)
ELSA-2024-2987
ELSA-2024-2987: python27:2.7 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. | CVSS3: 5.4 | 0% Низкий | почти 2 года назад |
 | CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. | CVSS3: 5.4 | 0% Низкий | почти 2 года назад |
 | CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. | CVSS3: 5.4 | 0% Низкий | почти 2 года назад |
 | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад | |
| CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the ... | CVSS3: 5.4 | 0% Низкий | почти 2 года назад |
 | RLSA-2024:3102 Moderate: python-jinja2 security update | 0% Низкий | больше 1 года назад | |
| GHSA-h5c8-rqwp-cp95 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | CVSS3: 5.4 | 0% Низкий | почти 2 года назад |
| ELSA-2024-3102 ELSA-2024-3102: python-jinja2 security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2348 ELSA-2024-2348: python-jinja2 security update (MODERATE) | больше 1 года назад | ||
 | BDU:2024-00884 Уязвимость фильтра xmlattr шаблонизатора Jinja2 для языка программирования Python, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 6.1 | 0% Низкий | почти 2 года назад |
 | SUSE-SU-2024:1864-1 Security update for python-Jinja2 | больше 1 года назад | ||
| SUSE-SU-2024:1863-1 Security update for python-Jinja2 | больше 1 года назад | ||
 | ROS-20240902-04 Уязвимость python3-jinja2 | CVSS3: 6.1 | 0% Низкий | около 1 года назад |
| RLSA-2024:2968 Moderate: fence-agents security and bug fix update | больше 1 года назад | ||
| ELSA-2024-2968 ELSA-2024-2968: fence-agents security and bug fix update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2132 ELSA-2024-2132: fence-agents security and bug fix update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2987 ELSA-2024-2987: python27:2.7 security update (MODERATE) | больше 1 года назад |
Уязвимостей на страницу