Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jinja2@3.0.0rc2
Typepypi
Namespace
Namejinja2
Version3.0.0rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.6
Latest_non_vulnerable_version3.1.6
Affected_by_vulnerabilities
0
url VCID-23hx-apt2-77bn
vulnerability_id VCID-23hx-apt2-77bn
summary 
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32859
published_at 2026-04-13T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36212
published_at 2026-04-18T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36227
published_at 2026-04-16T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.43888
published_at 2026-04-07T12:55:00Z
4
value 0.00214
scoring_system epss
scoring_elements 0.43958
published_at 2026-04-11T12:55:00Z
5
value 0.00214
scoring_system epss
scoring_elements 0.43936
published_at 2026-04-02T12:55:00Z
6
value 0.00214
scoring_system epss
scoring_elements 0.43925
published_at 2026-04-12T12:55:00Z
7
value 0.00214
scoring_system epss
scoring_elements 0.43941
published_at 2026-04-09T12:55:00Z
8
value 0.00214
scoring_system epss
scoring_elements 0.43939
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
6
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
7
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
reference_id 1099690
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
reference_id 2350190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
12
reference_url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
reference_id GHSA-cpwx-vrp4-4pq7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
13
reference_url https://access.redhat.com/errata/RHSA-2025:2664
reference_id RHSA-2025:2664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2664
14
reference_url https://access.redhat.com/errata/RHSA-2025:2688
reference_id RHSA-2025:2688
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2688
15
reference_url https://access.redhat.com/errata/RHSA-2025:3017
reference_id RHSA-2025:3017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3017
16
reference_url https://access.redhat.com/errata/RHSA-2025:3111
reference_id RHSA-2025:3111
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3111
17
reference_url https://access.redhat.com/errata/RHSA-2025:3113
reference_id RHSA-2025:3113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3113
18
reference_url https://access.redhat.com/errata/RHSA-2025:3123
reference_id RHSA-2025:3123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3123
19
reference_url https://access.redhat.com/errata/RHSA-2025:3124
reference_id RHSA-2025:3124
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3124
20
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
21
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
22
reference_url https://access.redhat.com/errata/RHSA-2025:3371
reference_id RHSA-2025:3371
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3371
23
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
24
reference_url https://access.redhat.com/errata/RHSA-2025:3388
reference_id RHSA-2025:3388
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3388
25
reference_url https://access.redhat.com/errata/RHSA-2025:3406
reference_id RHSA-2025:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3406
26
reference_url https://access.redhat.com/errata/RHSA-2025:3562
reference_id RHSA-2025:3562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3562
27
reference_url https://access.redhat.com/errata/RHSA-2025:3568
reference_id RHSA-2025:3568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3568
28
reference_url https://access.redhat.com/errata/RHSA-2025:3580
reference_id RHSA-2025:3580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3580
29
reference_url https://access.redhat.com/errata/RHSA-2025:3585
reference_id RHSA-2025:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3585
30
reference_url https://access.redhat.com/errata/RHSA-2025:3586
reference_id RHSA-2025:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3586
31
reference_url https://access.redhat.com/errata/RHSA-2025:3588
reference_id RHSA-2025:3588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3588
32
reference_url https://access.redhat.com/errata/RHSA-2025:3595
reference_id RHSA-2025:3595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3595
33
reference_url https://access.redhat.com/errata/RHSA-2025:3622
reference_id RHSA-2025:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3622
34
reference_url https://access.redhat.com/errata/RHSA-2025:3671
reference_id RHSA-2025:3671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3671
35
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
36
reference_url https://access.redhat.com/errata/RHSA-2025:3779
reference_id RHSA-2025:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3779
37
reference_url https://access.redhat.com/errata/RHSA-2025:3789
reference_id RHSA-2025:3789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3789
38
reference_url https://access.redhat.com/errata/RHSA-2025:4018
reference_id RHSA-2025:4018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4018
39
reference_url https://access.redhat.com/errata/RHSA-2025:4203
reference_id RHSA-2025:4203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4203
40
reference_url https://access.redhat.com/errata/RHSA-2025:4408
reference_id RHSA-2025:4408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4408
41
reference_url https://access.redhat.com/errata/RHSA-2025:4431
reference_id RHSA-2025:4431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4431
42
reference_url https://access.redhat.com/errata/RHSA-2025:4730
reference_id RHSA-2025:4730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4730
43
reference_url https://access.redhat.com/errata/RHSA-2025:7476
reference_id RHSA-2025:7476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7476
44
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.6
purl pkg:pypi/jinja2@3.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.6
aliases CVE-2025-27516, GHSA-cpwx-vrp4-4pq7
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hx-apt2-77bn
1
url VCID-8vr3-83b4-hqd2
vulnerability_id VCID-8vr3-83b4-hqd2
summary 
Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56493
published_at 2026-04-08T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56508
published_at 2026-04-11T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56498
published_at 2026-04-16T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56442
published_at 2026-04-07T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.5646
published_at 2026-04-04T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.56438
published_at 2026-04-02T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.56465
published_at 2026-04-13T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.56484
published_at 2026-04-12T12:55:00Z
8
value 0.00456
scoring_system epss
scoring_elements 0.63929
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
reference_id 1091331
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
reference_id 2333856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
12
reference_url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
reference_id GHSA-q2x7-8rv6-6q7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
13
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
14
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
15
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
16
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
17
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
18
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
19
reference_url https://access.redhat.com/errata/RHSA-2025:0667
reference_id RHSA-2025:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0667
20
reference_url https://access.redhat.com/errata/RHSA-2025:0711
reference_id RHSA-2025:0711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0711
21
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
22
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
23
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
24
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
25
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
26
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
27
reference_url https://access.redhat.com/errata/RHSA-2025:0850
reference_id RHSA-2025:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0850
28
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
29
reference_url https://access.redhat.com/errata/RHSA-2025:0883
reference_id RHSA-2025:0883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0883
30
reference_url https://access.redhat.com/errata/RHSA-2025:0950
reference_id RHSA-2025:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0950
31
reference_url https://access.redhat.com/errata/RHSA-2025:0951
reference_id RHSA-2025:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0951
32
reference_url https://access.redhat.com/errata/RHSA-2025:0978
reference_id RHSA-2025:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0978
33
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
34
reference_url https://access.redhat.com/errata/RHSA-2025:1109
reference_id RHSA-2025:1109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1109
35
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
36
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
37
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
38
reference_url https://access.redhat.com/errata/RHSA-2025:1241
reference_id RHSA-2025:1241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1241
39
reference_url https://access.redhat.com/errata/RHSA-2025:1250
reference_id RHSA-2025:1250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1250
40
reference_url https://access.redhat.com/errata/RHSA-2025:1710
reference_id RHSA-2025:1710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1710
41
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
42
reference_url https://access.redhat.com/errata/RHSA-2025:2612
reference_id RHSA-2025:2612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2612
43
reference_url https://access.redhat.com/errata/RHSA-2025:2700
reference_id RHSA-2025:2700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2700
44
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
45
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
46
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
47
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.5
purl pkg:pypi/jinja2@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.5
aliases CVE-2024-56326, GHSA-q2x7-8rv6-6q7h
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vr3-83b4-hqd2
2
url VCID-at54-9w17-wbe8
vulnerability_id VCID-at54-9w17-wbe8
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for the previous GHSA-h5c8-rqwp-cp95 CVE-2024-22195 only addressed spaces but not other characters.

Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.7473
published_at 2026-04-18T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.74723
published_at 2026-04-16T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.74691
published_at 2026-04-09T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.74677
published_at 2026-04-08T12:55:00Z
4
value 0.00838
scoring_system epss
scoring_elements 0.74644
published_at 2026-04-02T12:55:00Z
5
value 0.00838
scoring_system epss
scoring_elements 0.74686
published_at 2026-04-13T12:55:00Z
6
value 0.00838
scoring_system epss
scoring_elements 0.74694
published_at 2026-04-12T12:55:00Z
7
value 0.00838
scoring_system epss
scoring_elements 0.7467
published_at 2026-04-04T12:55:00Z
8
value 0.00838
scoring_system epss
scoring_elements 0.74645
published_at 2026-04-07T12:55:00Z
9
value 0.00838
scoring_system epss
scoring_elements 0.74714
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
6
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
reference_id 1070712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
reference_id 2279476
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
reference_id 567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
reference_id GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
17
reference_url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
reference_id GHSA-h75v-3vvj-5mfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
18
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
19
reference_url https://access.redhat.com/errata/RHSA-2024:3795
reference_id RHSA-2024:3795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3795
20
reference_url https://access.redhat.com/errata/RHSA-2024:3811
reference_id RHSA-2024:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3811
21
reference_url https://access.redhat.com/errata/RHSA-2024:3820
reference_id RHSA-2024:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3820
22
reference_url https://access.redhat.com/errata/RHSA-2024:4231
reference_id RHSA-2024:4231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4231
23
reference_url https://access.redhat.com/errata/RHSA-2024:4404
reference_id RHSA-2024:4404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4404
24
reference_url https://access.redhat.com/errata/RHSA-2024:4414
reference_id RHSA-2024:4414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4414
25
reference_url https://access.redhat.com/errata/RHSA-2024:4427
reference_id RHSA-2024:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4427
26
reference_url https://access.redhat.com/errata/RHSA-2024:4522
reference_id RHSA-2024:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4522
27
reference_url https://access.redhat.com/errata/RHSA-2024:4616
reference_id RHSA-2024:4616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4616
28
reference_url https://access.redhat.com/errata/RHSA-2024:4958
reference_id RHSA-2024:4958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4958
29
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
30
reference_url https://access.redhat.com/errata/RHSA-2024:5810
reference_id RHSA-2024:5810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5810
31
reference_url https://access.redhat.com/errata/RHSA-2024:6011
reference_id RHSA-2024:6011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6011
32
reference_url https://access.redhat.com/errata/RHSA-2024:9150
reference_id RHSA-2024:9150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9150
33
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
reference_id SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
35
reference_url https://usn.ubuntu.com/6787-1/
reference_id USN-6787-1
reference_type
scores
url https://usn.ubuntu.com/6787-1/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
reference_id ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
fixed_packages
0
url pkg:pypi/jinja2@3.1.4
purl pkg:pypi/jinja2@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-jyfq-pjwy-n7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.4
aliases CVE-2024-34064, GHSA-h75v-3vvj-5mfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at54-9w17-wbe8
3
url VCID-np94-ghhk-nug4
vulnerability_id VCID-np94-ghhk-nug4
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3571
published_at 2026-04-18T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35722
published_at 2026-04-16T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35681
published_at 2026-04-13T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35704
published_at 2026-04-12T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35749
published_at 2026-04-11T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.3574
published_at 2026-04-09T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35717
published_at 2026-04-08T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35671
published_at 2026-04-07T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35791
published_at 2026-04-04T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35765
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/releases/tag/3.1.3
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
reference_id 1060748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
reference_id 2257854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
reference_id 5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
reference_id DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
18
reference_url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
reference_id GHSA-h5c8-rqwp-cp95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
reference_id O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
20
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
21
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
22
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
23
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
24
reference_url https://access.redhat.com/errata/RHSA-2024:2348
reference_id RHSA-2024:2348
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2348
25
reference_url https://access.redhat.com/errata/RHSA-2024:2733
reference_id RHSA-2024:2733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2733
26
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
27
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
28
reference_url https://access.redhat.com/errata/RHSA-2024:3102
reference_id RHSA-2024:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3102
29
reference_url https://access.redhat.com/errata/RHSA-2024:3927
reference_id RHSA-2024:3927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3927
30
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.3
purl pkg:pypi/jinja2@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-at54-9w17-wbe8
3
vulnerability VCID-jyfq-pjwy-n7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.3
aliases CVE-2024-22195, GHSA-h5c8-rqwp-cp95
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-np94-ghhk-nug4
Fixing_vulnerabilities
Risk_score3.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.0.0rc2