Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/jinja2@0?distro=trixie
Typedeb
Namespacedebian
Namejinja2
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.7.2-1
Latest_non_vulnerable_version3.1.6-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jyfq-pjwy-n7gg
vulnerability_id VCID-jyfq-pjwy-n7gg
summary 
Jinja has a sandbox breakout through malicious filenames
A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.

To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56201.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56201
reference_id
reference_type
scores
0
value 0.00459
scoring_system epss
scoring_elements 0.64058
published_at 2026-04-21T12:55:00Z
1
value 0.00459
scoring_system epss
scoring_elements 0.64001
published_at 2026-04-02T12:55:00Z
2
value 0.00459
scoring_system epss
scoring_elements 0.64029
published_at 2026-04-04T12:55:00Z
3
value 0.00459
scoring_system epss
scoring_elements 0.63988
published_at 2026-04-07T12:55:00Z
4
value 0.00459
scoring_system epss
scoring_elements 0.64039
published_at 2026-04-08T12:55:00Z
5
value 0.00459
scoring_system epss
scoring_elements 0.64056
published_at 2026-04-09T12:55:00Z
6
value 0.00459
scoring_system epss
scoring_elements 0.64068
published_at 2026-04-11T12:55:00Z
7
value 0.00459
scoring_system epss
scoring_elements 0.64054
published_at 2026-04-12T12:55:00Z
8
value 0.00459
scoring_system epss
scoring_elements 0.64024
published_at 2026-04-13T12:55:00Z
9
value 0.00459
scoring_system epss
scoring_elements 0.64059
published_at 2026-04-16T12:55:00Z
10
value 0.00459
scoring_system epss
scoring_elements 0.64071
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56201
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
4
reference_url https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
5
reference_url https://github.com/pallets/jinja/issues/1792
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/issues/1792
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56201
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56201
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091329
reference_id 1091329
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091329
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333854
reference_id 2333854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333854
11
reference_url https://github.com/advisories/GHSA-gmj6-6f8f-6699
reference_id GHSA-gmj6-6f8f-6699
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmj6-6f8f-6699
12
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
13
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
14
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
15
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
16
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
17
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
18
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
19
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
20
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
21
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
22
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
23
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
24
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
25
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
26
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
27
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
28
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
29
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
30
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
31
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
32
reference_url https://access.redhat.com/errata/RHSA-2025:3491
reference_id RHSA-2025:3491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3491
33
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
34
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:deb/debian/jinja2@0?distro=trixie
purl pkg:deb/debian/jinja2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@0%3Fdistro=trixie
1
url pkg:deb/debian/jinja2@2.11.3-1?distro=trixie
purl pkg:deb/debian/jinja2@2.11.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@2.11.3-1%3Fdistro=trixie
2
url pkg:deb/debian/jinja2@3.1.2-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/jinja2@3.1.2-1%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@3.1.2-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/jinja2@3.1.2-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/jinja2@3.1.2-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@3.1.2-1%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/jinja2@3.1.5-1?distro=trixie
purl pkg:deb/debian/jinja2@3.1.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@3.1.5-1%3Fdistro=trixie
5
url pkg:deb/debian/jinja2@3.1.6-1?distro=trixie
purl pkg:deb/debian/jinja2@3.1.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@3.1.6-1%3Fdistro=trixie
6
url pkg:deb/debian/jinja2@3.1.6-2?distro=trixie
purl pkg:deb/debian/jinja2@3.1.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@3.1.6-2%3Fdistro=trixie
aliases CVE-2024-56201, GHSA-gmj6-6f8f-6699
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyfq-pjwy-n7gg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/jinja2@0%3Fdistro=trixie