Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/py3-jinja2@3.1.4-r0?arch=armv7&distroversion=v3.20&reponame=main
Typeapk
Namespacealpine
Namepy3-jinja2
Version3.1.4-r0
Qualifiers
arch armv7
distroversion v3.20
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.1.5-r0
Latest_non_vulnerable_version3.1.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-at54-9w17-wbe8
vulnerability_id VCID-at54-9w17-wbe8
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for the previous GHSA-h5c8-rqwp-cp95 CVE-2024-22195 only addressed spaces but not other characters.

Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.7473
published_at 2026-04-18T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.74723
published_at 2026-04-16T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.74691
published_at 2026-04-09T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.74677
published_at 2026-04-08T12:55:00Z
4
value 0.00838
scoring_system epss
scoring_elements 0.74644
published_at 2026-04-02T12:55:00Z
5
value 0.00838
scoring_system epss
scoring_elements 0.74686
published_at 2026-04-13T12:55:00Z
6
value 0.00838
scoring_system epss
scoring_elements 0.74694
published_at 2026-04-12T12:55:00Z
7
value 0.00838
scoring_system epss
scoring_elements 0.7467
published_at 2026-04-04T12:55:00Z
8
value 0.00838
scoring_system epss
scoring_elements 0.74645
published_at 2026-04-07T12:55:00Z
9
value 0.00838
scoring_system epss
scoring_elements 0.74714
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
6
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
reference_id 1070712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
reference_id 2279476
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
reference_id 567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
reference_id GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
17
reference_url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
reference_id GHSA-h75v-3vvj-5mfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
18
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
19
reference_url https://access.redhat.com/errata/RHSA-2024:3795
reference_id RHSA-2024:3795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3795
20
reference_url https://access.redhat.com/errata/RHSA-2024:3811
reference_id RHSA-2024:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3811
21
reference_url https://access.redhat.com/errata/RHSA-2024:3820
reference_id RHSA-2024:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3820
22
reference_url https://access.redhat.com/errata/RHSA-2024:4231
reference_id RHSA-2024:4231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4231
23
reference_url https://access.redhat.com/errata/RHSA-2024:4404
reference_id RHSA-2024:4404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4404
24
reference_url https://access.redhat.com/errata/RHSA-2024:4414
reference_id RHSA-2024:4414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4414
25
reference_url https://access.redhat.com/errata/RHSA-2024:4427
reference_id RHSA-2024:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4427
26
reference_url https://access.redhat.com/errata/RHSA-2024:4522
reference_id RHSA-2024:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4522
27
reference_url https://access.redhat.com/errata/RHSA-2024:4616
reference_id RHSA-2024:4616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4616
28
reference_url https://access.redhat.com/errata/RHSA-2024:4958
reference_id RHSA-2024:4958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4958
29
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
30
reference_url https://access.redhat.com/errata/RHSA-2024:5810
reference_id RHSA-2024:5810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5810
31
reference_url https://access.redhat.com/errata/RHSA-2024:6011
reference_id RHSA-2024:6011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6011
32
reference_url https://access.redhat.com/errata/RHSA-2024:9150
reference_id RHSA-2024:9150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9150
33
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
reference_id SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
35
reference_url https://usn.ubuntu.com/6787-1/
reference_id USN-6787-1
reference_type
scores
url https://usn.ubuntu.com/6787-1/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
reference_id ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
fixed_packages
0
url pkg:apk/alpine/py3-jinja2@3.1.4-r0?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/py3-jinja2@3.1.4-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@3.1.4-r0%3Farch=armv7&distroversion=v3.20&reponame=main
aliases CVE-2024-34064, GHSA-h75v-3vvj-5mfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at54-9w17-wbe8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@3.1.4-r0%3Farch=armv7&distroversion=v3.20&reponame=main