Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jinja2@2.7.3
Typepypi
Namespace
Namejinja2
Version2.7.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.6
Latest_non_vulnerable_version3.1.6
Affected_by_vulnerabilities
0
url VCID-437r-g9sm-6yfx
vulnerability_id VCID-437r-g9sm-6yfx
summary This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.4297
published_at 2026-06-04T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43044
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g3rq-g295-4j3m
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g3rq-g295-4j3m
5
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
6
reference_url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
7
reference_url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
8
reference_url https://github.com/pallets/jinja/pull/1343
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/pull/1343
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
12
reference_url https://security.gentoo.org/glsa/202107-19
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-19
13
reference_url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
reference_id 1928707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
reference_id 982736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
16
reference_url https://security.archlinux.org/ASA-202102-19
reference_id ASA-202102-19
reference_type
scores
url https://security.archlinux.org/ASA-202102-19
17
reference_url https://security.archlinux.org/AVG-1523
reference_id AVG-1523
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1523
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
reference_id CVE-2020-28493
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
19
reference_url https://access.redhat.com/errata/RHSA-2021:3252
reference_id RHSA-2021:3252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3252
20
reference_url https://access.redhat.com/errata/RHSA-2021:4151
reference_id RHSA-2021:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4151
21
reference_url https://access.redhat.com/errata/RHSA-2021:4161
reference_id RHSA-2021:4161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4161
22
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
23
reference_url https://usn.ubuntu.com/5701-1/
reference_id USN-5701-1
reference_type
scores
url https://usn.ubuntu.com/5701-1/
24
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:pypi/jinja2@2.11.3
purl pkg:pypi/jinja2@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7gy5-vyx2-kqdy
1
vulnerability VCID-7q45-y8e4-bycm
2
vulnerability VCID-cm1z-thb7-k7fb
3
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.11.3
aliases CVE-2020-28493, GHSA-g3rq-g295-4j3m, PYSEC-2021-66, SNYK-PYTHON-JINJA2-1012994
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-437r-g9sm-6yfx
1
url VCID-7gy5-vyx2-kqdy
vulnerability_id VCID-7gy5-vyx2-kqdy
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35474
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/releases/tag/3.1.3
7
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
reference_id 1060748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
reference_id 2257854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
reference_id 5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
reference_id CVE-2024-22195
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
reference_id DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
17
reference_url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
reference_id GHSA-h5c8-rqwp-cp95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
18
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
reference_id GHSA-h5c8-rqwp-cp95
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
reference_id O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
20
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
21
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
22
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
23
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
24
reference_url https://access.redhat.com/errata/RHSA-2024:2348
reference_id RHSA-2024:2348
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2348
25
reference_url https://access.redhat.com/errata/RHSA-2024:2733
reference_id RHSA-2024:2733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2733
26
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
27
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
28
reference_url https://access.redhat.com/errata/RHSA-2024:3102
reference_id RHSA-2024:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3102
29
reference_url https://access.redhat.com/errata/RHSA-2024:3927
reference_id RHSA-2024:3927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3927
30
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.3
purl pkg:pypi/jinja2@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7q45-y8e4-bycm
1
vulnerability VCID-cm1z-thb7-k7fb
2
vulnerability VCID-npd2-9hy6-7ydx
3
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.3
aliases CVE-2024-22195, GHSA-h5c8-rqwp-cp95
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gy5-vyx2-kqdy
2
url VCID-7q45-y8e4-bycm
vulnerability_id VCID-7q45-y8e4-bycm
summary 
Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
reference_id
reference_type
scores
0
value 0.0057
scoring_system epss
scoring_elements 0.69005
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
reference_id 1091331
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
reference_id 2333856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
reference_id CVE-2024-56326
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
11
reference_url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
reference_id GHSA-q2x7-8rv6-6q7h
reference_type
scores
url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
12
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
reference_id GHSA-q2x7-8rv6-6q7h
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
13
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
14
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
15
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
16
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
17
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
18
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
19
reference_url https://access.redhat.com/errata/RHSA-2025:0667
reference_id RHSA-2025:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0667
20
reference_url https://access.redhat.com/errata/RHSA-2025:0711
reference_id RHSA-2025:0711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0711
21
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
22
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
23
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
24
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
25
reference_url https://access.redhat.com/errata/RHSA-2025:0830
reference_id RHSA-2025:0830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0830
26
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
27
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
28
reference_url https://access.redhat.com/errata/RHSA-2025:0850
reference_id RHSA-2025:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0850
29
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
30
reference_url https://access.redhat.com/errata/RHSA-2025:0883
reference_id RHSA-2025:0883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0883
31
reference_url https://access.redhat.com/errata/RHSA-2025:0950
reference_id RHSA-2025:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0950
32
reference_url https://access.redhat.com/errata/RHSA-2025:0951
reference_id RHSA-2025:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0951
33
reference_url https://access.redhat.com/errata/RHSA-2025:0978
reference_id RHSA-2025:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0978
34
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
35
reference_url https://access.redhat.com/errata/RHSA-2025:1109
reference_id RHSA-2025:1109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1109
36
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
37
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
38
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
39
reference_url https://access.redhat.com/errata/RHSA-2025:1241
reference_id RHSA-2025:1241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1241
40
reference_url https://access.redhat.com/errata/RHSA-2025:1250
reference_id RHSA-2025:1250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1250
41
reference_url https://access.redhat.com/errata/RHSA-2025:1710
reference_id RHSA-2025:1710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1710
42
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
43
reference_url https://access.redhat.com/errata/RHSA-2025:2612
reference_id RHSA-2025:2612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2612
44
reference_url https://access.redhat.com/errata/RHSA-2025:2700
reference_id RHSA-2025:2700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2700
45
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
46
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
47
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
48
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.5
purl pkg:pypi/jinja2@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.5
aliases CVE-2024-56326, GHSA-q2x7-8rv6-6q7h
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7q45-y8e4-bycm
3
url VCID-cjze-s3ny-bbfx
vulnerability_id VCID-cjze-s3ny-bbfx
summary In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1152
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1152
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1329
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1329
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
reference_id
reference_type
scores
0
value 0.02334
scoring_system epss
scoring_elements 0.85136
published_at 2026-06-04T12:55:00Z
1
value 0.02334
scoring_system epss
scoring_elements 0.85161
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/advisories/GHSA-462w-v97r-4m45
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-462w-v97r-4m45
10
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
12
reference_url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
26
reference_url https://palletsprojects.com/blog/jinja-2-10-1-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-2-10-1-released
27
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
28
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
29
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
30
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
31
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
reference_id 1698839
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
32
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
reference_id 926602
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
reference_id CVE-2019-10906
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
fixed_packages
0
url pkg:pypi/jinja2@2.10.1
purl pkg:pypi/jinja2@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-437r-g9sm-6yfx
1
vulnerability VCID-7gy5-vyx2-kqdy
2
vulnerability VCID-7q45-y8e4-bycm
3
vulnerability VCID-cm1z-thb7-k7fb
4
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.10.1
aliases CVE-2019-10906, GHSA-462w-v97r-4m45, PYSEC-2019-217
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjze-s3ny-bbfx
4
url VCID-cm1z-thb7-k7fb
vulnerability_id VCID-cm1z-thb7-k7fb
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for the previous GHSA-h5c8-rqwp-cp95 CVE-2024-22195 only addressed spaces but not other characters.

Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
reference_id
reference_type
scores
0
value 0.0123
scoring_system epss
scoring_elements 0.79527
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
6
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
reference_id 1070712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
reference_id 2279476
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
reference_id 567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
reference_id CVE-2024-34064
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
reference_id GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
16
reference_url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
reference_id GHSA-h75v-3vvj-5mfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
17
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
reference_id GHSA-h75v-3vvj-5mfj
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
18
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
19
reference_url https://access.redhat.com/errata/RHSA-2024:3795
reference_id RHSA-2024:3795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3795
20
reference_url https://access.redhat.com/errata/RHSA-2024:3811
reference_id RHSA-2024:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3811
21
reference_url https://access.redhat.com/errata/RHSA-2024:3820
reference_id RHSA-2024:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3820
22
reference_url https://access.redhat.com/errata/RHSA-2024:4231
reference_id RHSA-2024:4231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4231
23
reference_url https://access.redhat.com/errata/RHSA-2024:4404
reference_id RHSA-2024:4404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4404
24
reference_url https://access.redhat.com/errata/RHSA-2024:4414
reference_id RHSA-2024:4414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4414
25
reference_url https://access.redhat.com/errata/RHSA-2024:4427
reference_id RHSA-2024:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4427
26
reference_url https://access.redhat.com/errata/RHSA-2024:4522
reference_id RHSA-2024:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4522
27
reference_url https://access.redhat.com/errata/RHSA-2024:4616
reference_id RHSA-2024:4616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4616
28
reference_url https://access.redhat.com/errata/RHSA-2024:4958
reference_id RHSA-2024:4958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4958
29
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
30
reference_url https://access.redhat.com/errata/RHSA-2024:5810
reference_id RHSA-2024:5810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5810
31
reference_url https://access.redhat.com/errata/RHSA-2024:6011
reference_id RHSA-2024:6011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6011
32
reference_url https://access.redhat.com/errata/RHSA-2024:9150
reference_id RHSA-2024:9150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9150
33
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
reference_id SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
35
reference_url https://usn.ubuntu.com/6787-1/
reference_id USN-6787-1
reference_type
scores
url https://usn.ubuntu.com/6787-1/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
reference_id ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
fixed_packages
0
url pkg:pypi/jinja2@3.1.4
purl pkg:pypi/jinja2@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7q45-y8e4-bycm
1
vulnerability VCID-npd2-9hy6-7ydx
2
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.4
aliases CVE-2024-34064, GHSA-h75v-3vvj-5mfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm1z-thb7-k7fb
5
url VCID-js4m-yqqf-4ubd
vulnerability_id VCID-js4m-yqqf-4ubd
summary In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1022
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1022
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1260
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1260
5
reference_url https://access.redhat.com/errata/RHSA-2019:3964
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3964
6
reference_url https://access.redhat.com/errata/RHSA-2019:4062
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4062
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
reference_id
reference_type
scores
0
value 0.01022
scoring_system epss
scoring_elements 0.77617
published_at 2026-06-05T12:55:00Z
1
value 0.01022
scoring_system epss
scoring_elements 0.7759
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
12
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
13
reference_url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
15
reference_url https://palletsprojects.com/blog/jinja-281-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-281-released
16
reference_url https://palletsprojects.com/blog/jinja-281-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/jinja-281-released/
17
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
18
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
19
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
20
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
reference_id 1698345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
reference_id CVE-2016-10745
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
fixed_packages
0
url pkg:pypi/jinja2@2.8.1
purl pkg:pypi/jinja2@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-437r-g9sm-6yfx
1
vulnerability VCID-7gy5-vyx2-kqdy
2
vulnerability VCID-7q45-y8e4-bycm
3
vulnerability VCID-cjze-s3ny-bbfx
4
vulnerability VCID-cm1z-thb7-k7fb
5
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.8.1
aliases CVE-2016-10745, GHSA-hj2j-77xm-mc5v, PYSEC-2019-220
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js4m-yqqf-4ubd
6
url VCID-uya2-pv89-5ugv
vulnerability_id VCID-uya2-pv89-5ugv
summary 
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.30756
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
6
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
7
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
reference_id 1099690
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
reference_id 2350190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
reference_id CVE-2025-27516
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
11
reference_url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
reference_id GHSA-cpwx-vrp4-4pq7
reference_type
scores
url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
12
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
reference_id GHSA-cpwx-vrp4-4pq7
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
13
reference_url https://access.redhat.com/errata/RHSA-2025:2664
reference_id RHSA-2025:2664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2664
14
reference_url https://access.redhat.com/errata/RHSA-2025:2688
reference_id RHSA-2025:2688
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2688
15
reference_url https://access.redhat.com/errata/RHSA-2025:3017
reference_id RHSA-2025:3017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3017
16
reference_url https://access.redhat.com/errata/RHSA-2025:3111
reference_id RHSA-2025:3111
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3111
17
reference_url https://access.redhat.com/errata/RHSA-2025:3113
reference_id RHSA-2025:3113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3113
18
reference_url https://access.redhat.com/errata/RHSA-2025:3123
reference_id RHSA-2025:3123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3123
19
reference_url https://access.redhat.com/errata/RHSA-2025:3124
reference_id RHSA-2025:3124
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3124
20
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
21
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
22
reference_url https://access.redhat.com/errata/RHSA-2025:3371
reference_id RHSA-2025:3371
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3371
23
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
24
reference_url https://access.redhat.com/errata/RHSA-2025:3388
reference_id RHSA-2025:3388
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3388
25
reference_url https://access.redhat.com/errata/RHSA-2025:3406
reference_id RHSA-2025:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3406
26
reference_url https://access.redhat.com/errata/RHSA-2025:3562
reference_id RHSA-2025:3562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3562
27
reference_url https://access.redhat.com/errata/RHSA-2025:3568
reference_id RHSA-2025:3568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3568
28
reference_url https://access.redhat.com/errata/RHSA-2025:3580
reference_id RHSA-2025:3580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3580
29
reference_url https://access.redhat.com/errata/RHSA-2025:3585
reference_id RHSA-2025:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3585
30
reference_url https://access.redhat.com/errata/RHSA-2025:3586
reference_id RHSA-2025:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3586
31
reference_url https://access.redhat.com/errata/RHSA-2025:3588
reference_id RHSA-2025:3588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3588
32
reference_url https://access.redhat.com/errata/RHSA-2025:3595
reference_id RHSA-2025:3595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3595
33
reference_url https://access.redhat.com/errata/RHSA-2025:3622
reference_id RHSA-2025:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3622
34
reference_url https://access.redhat.com/errata/RHSA-2025:3671
reference_id RHSA-2025:3671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3671
35
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
36
reference_url https://access.redhat.com/errata/RHSA-2025:3779
reference_id RHSA-2025:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3779
37
reference_url https://access.redhat.com/errata/RHSA-2025:3789
reference_id RHSA-2025:3789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3789
38
reference_url https://access.redhat.com/errata/RHSA-2025:4018
reference_id RHSA-2025:4018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4018
39
reference_url https://access.redhat.com/errata/RHSA-2025:4203
reference_id RHSA-2025:4203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4203
40
reference_url https://access.redhat.com/errata/RHSA-2025:4408
reference_id RHSA-2025:4408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4408
41
reference_url https://access.redhat.com/errata/RHSA-2025:4431
reference_id RHSA-2025:4431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4431
42
reference_url https://access.redhat.com/errata/RHSA-2025:4730
reference_id RHSA-2025:4730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4730
43
reference_url https://access.redhat.com/errata/RHSA-2025:7476
reference_id RHSA-2025:7476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7476
44
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.6
purl pkg:pypi/jinja2@3.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.6
aliases CVE-2025-27516, GHSA-cpwx-vrp4-4pq7
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uya2-pv89-5ugv
Fixing_vulnerabilities
0
url VCID-t9gu-3kj3-skdh
vulnerability_id VCID-t9gu-3kj3-skdh
summary FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0012.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0012.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0012
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27512
published_at 2026-06-05T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27445
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0012
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
5
reference_url http://seclists.org/oss-sec/2014/q1/73
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q1/73
6
reference_url http://secunia.com/advisories/56328
reference_id
reference_type
scores
url http://secunia.com/advisories/56328
7
reference_url http://secunia.com/advisories/60738
reference_id
reference_type
scores
url http://secunia.com/advisories/60738
8
reference_url https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
9
reference_url https://github.com/mitsuhiko/jinja2/pull/292
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/pull/292
10
reference_url https://github.com/mitsuhiko/jinja2/pull/296
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/pull/296
11
reference_url https://github.com/pallets/jinja2
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2
12
reference_url https://github.com/pallets/jinja2/pull/292
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2/pull/292
13
reference_url https://github.com/pallets/jinja2/pull/296
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2/pull/296
14
reference_url https://github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yaml
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0012
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0012
17
reference_url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1052102
reference_id 1052102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1052102
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734956
reference_id 734956
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734956
20
reference_url https://github.com/advisories/GHSA-fqh9-2qgg-h84h
reference_id GHSA-fqh9-2qgg-h84h
reference_type
scores
url https://github.com/advisories/GHSA-fqh9-2qgg-h84h
21
reference_url https://security.gentoo.org/glsa/201408-13
reference_id GLSA-201408-13
reference_type
scores
url https://security.gentoo.org/glsa/201408-13
22
reference_url https://usn.ubuntu.com/2301-1/
reference_id USN-2301-1
reference_type
scores
url https://usn.ubuntu.com/2301-1/
fixed_packages
0
url pkg:pypi/jinja2@2.7.2
purl pkg:pypi/jinja2@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-437r-g9sm-6yfx
1
vulnerability VCID-7gy5-vyx2-kqdy
2
vulnerability VCID-7q45-y8e4-bycm
3
vulnerability VCID-cjze-s3ny-bbfx
4
vulnerability VCID-cm1z-thb7-k7fb
5
vulnerability VCID-js4m-yqqf-4ubd
6
vulnerability VCID-t9gu-3kj3-skdh
7
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.2
1
url pkg:pypi/jinja2@2.7.3
purl pkg:pypi/jinja2@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-437r-g9sm-6yfx
1
vulnerability VCID-7gy5-vyx2-kqdy
2
vulnerability VCID-7q45-y8e4-bycm
3
vulnerability VCID-cjze-s3ny-bbfx
4
vulnerability VCID-cm1z-thb7-k7fb
5
vulnerability VCID-js4m-yqqf-4ubd
6
vulnerability VCID-uya2-pv89-5ugv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.3
aliases CVE-2014-0012, GHSA-fqh9-2qgg-h84h, PYSEC-2014-82
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gu-3kj3-skdh
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.3