- Description
- Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker who controls both the content and the filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-150
- Hype score
- Not currently trending
Jinja2's CVE-2024-56326 says "This vulnerability is rated as Moderate" in the body text, yet it is listed as Important 6.3. I wonder whether it was re-evaluated in combination with CVE-2024-56201 (Important 7.3) or something like that. // CVE-2024-56326 - Red Hat Customer Portal https://t.co/XN8odLmQDT
@w4yh
24 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56201 (CVSS:8.8, HIGH) is Awaiting Analysis. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls b..https://t.co/jpbvDrnSgQ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56201 (CVSS:8.8, HIGH) is Awaiting Analysis. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls b..https://t.co/jpbvDrnSgQ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
27 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56201 Arbitrary Code Execution in Jinja Templates Before Version 3.1.5 ... https://t.co/6sV3vQhFkx Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
23 Dec 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56201 Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to … https://t.co/8jcwzktVaV
@CVEnew
23 Dec 2024
244 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes