Количество 10
Количество 10
CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
CVE-2024-56201
CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branc ...
GHSA-gmj6-6f8f-6699
Jinja has a sandbox breakout through malicious filenames
BDU:2025-00112
Уязвимость компилятора инструмента для html-шаблонизации jinja, позволяющая нарушителю обойти защитный механизм песочницы, выполнить произвольный код или вызвать отказ в обслуживании
SUSE-SU-2025:0006-1
Security update for python-Jinja2
ELSA-2025-0308
ELSA-2025-0308: fence-agents security update (IMPORTANT)
ROS-20250121-09
Множественные уязвимости python3-jinja2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-56201 Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | 0% Низкий | 6 месяцев назад | |
 | CVE-2024-56201 Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | CVSS3: 7.3 | 0% Низкий | 6 месяцев назад |
 | CVE-2024-56201 Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | 0% Низкий | 6 месяцев назад | |
 | CVSS3: 8.8 | 0% Низкий | 5 месяцев назад | |
| CVE-2024-56201 Jinja is an extensible templating engine. In versions on the 3.x branc ... | 0% Низкий | 6 месяцев назад | |
| GHSA-gmj6-6f8f-6699 Jinja has a sandbox breakout through malicious filenames | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
 | BDU:2025-00112 Уязвимость компилятора инструмента для html-шаблонизации jinja, позволяющая нарушителю обойти защитный механизм песочницы, выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 7.3 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2025:0006-1 Security update for python-Jinja2 | 6 месяцев назад | ||
| ELSA-2025-0308 ELSA-2025-0308: fence-agents security update (IMPORTANT) | 5 месяцев назад | ||
 | ROS-20250121-09 Множественные уязвимости python3-jinja2 | CVSS3: 7.3 | 5 месяцев назад |
Уязвимостей на страницу