Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/py3-jinja2@3.1.3-r0?arch=riscv64&distroversion=v3.22&reponame=main
Typeapk
Namespacealpine
Namepy3-jinja2
Version3.1.3-r0
Qualifiers
arch riscv64
distroversion v3.22
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.1.4-r0
Latest_non_vulnerable_version3.1.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-np94-ghhk-nug4
vulnerability_id VCID-np94-ghhk-nug4
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3571
published_at 2026-04-18T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35722
published_at 2026-04-16T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35681
published_at 2026-04-13T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35704
published_at 2026-04-12T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35749
published_at 2026-04-11T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.3574
published_at 2026-04-09T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35717
published_at 2026-04-08T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35671
published_at 2026-04-07T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35791
published_at 2026-04-04T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35765
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/releases/tag/3.1.3
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
reference_id 1060748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
reference_id 2257854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
reference_id 5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
reference_id DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
18
reference_url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
reference_id GHSA-h5c8-rqwp-cp95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
reference_id O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
20
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
21
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
22
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
23
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
24
reference_url https://access.redhat.com/errata/RHSA-2024:2348
reference_id RHSA-2024:2348
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2348
25
reference_url https://access.redhat.com/errata/RHSA-2024:2733
reference_id RHSA-2024:2733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2733
26
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
27
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
28
reference_url https://access.redhat.com/errata/RHSA-2024:3102
reference_id RHSA-2024:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3102
29
reference_url https://access.redhat.com/errata/RHSA-2024:3927
reference_id RHSA-2024:3927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3927
30
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:apk/alpine/py3-jinja2@3.1.3-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/py3-jinja2@3.1.3-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@3.1.3-r0%3Farch=riscv64&distroversion=v3.22&reponame=main
aliases CVE-2024-22195, GHSA-h5c8-rqwp-cp95
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-np94-ghhk-nug4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@3.1.3-r0%3Farch=riscv64&distroversion=v3.22&reponame=main