Package details: pkg:rpm/redhat/python27-python-jinja2@2.6-16?arch=el7
purl pkg:rpm/redhat/python27-python-jinja2@2.6-16?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.4
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. There are no reported fixed by versions.
VCID-8a7h-5rn5-gubx
Aliases:
CVE-2020-27619
A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. There are no reported fixed by versions.
VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. There are no reported fixed by versions.
VCID-dkxn-j9dr-sqbp
Aliases:
CVE-2021-3177
Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. There are no reported fixed by versions.
VCID-jpa1-g154-1ye8
Aliases:
CVE-2020-28493
GHSA-g3rq-g295-4j3m
PYSEC-2021-66
SNYK-PYTHON-JINJA2-1012994
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. There are no reported fixed by versions.
VCID-szsp-k3sg-r3eu
Aliases:
CVE-2021-20095
A vulnerability in Babel could result in remote code execution. There are no reported fixed by versions.
VCID-w6k8-js68-87g4
Aliases:
CVE-2021-23336
Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. There are no reported fixed by versions.
VCID-yw7e-93us-8qh8
Aliases:
CVE-2021-42771
GHSA-h4m5-qpfp-3mpv
PYSEC-2021-421
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:04:20.871537+00:00 RedHat Importer Affected by VCID-8a7h-5rn5-gubx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27619.json 38.0.0
2026-04-01T14:03:41.740895+00:00 RedHat Importer Affected by VCID-1na8-nyq1-yfcy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json 38.0.0
2026-04-01T14:03:34.202762+00:00 RedHat Importer Affected by VCID-brg4-rv29-1fgz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json 38.0.0
2026-04-01T14:03:27.911756+00:00 RedHat Importer Affected by VCID-dkxn-j9dr-sqbp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3177.json 38.0.0
2026-04-01T14:03:20.233528+00:00 RedHat Importer Affected by VCID-jpa1-g154-1ye8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json 38.0.0
2026-04-01T14:03:12.857425+00:00 RedHat Importer Affected by VCID-w6k8-js68-87g4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23336.json 38.0.0
2026-04-01T14:02:23.919789+00:00 RedHat Importer Affected by VCID-yw7e-93us-8qh8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42771.json 38.0.0
2026-04-01T14:02:23.672147+00:00 RedHat Importer Affected by VCID-szsp-k3sg-r3eu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20095.json 38.0.0