VulnerableCode Package Details - pkg:rpm/redhat/python-jinja2@2.10.1-2.el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/python-jinja2@2.10.1-2.el8_2?arch=4

purl	pkg:rpm/redhat/python-jinja2@2.10.1-2.el8_2?arch=4

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.3

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-23hx-apt2-77bn Aliases: CVE-2025-27516 GHSA-cpwx-vrp4-4pq7	Jinja2 vulnerable to sandbox breakout through attr filter selecting format method An oversight in how the Jinja sandboxed environment interacts with the `\|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `\|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `\|attr` filter no longer bypasses the environment's attribute lookup.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:42:01.259958+00:00	RedHat Importer	Affected by	VCID-23hx-apt2-77bn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json	38.0.0