Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jinja2@2.1
Typepypi
Namespace
Namejinja2
Version2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.6
Latest_non_vulnerable_version3.1.6
Affected_by_vulnerabilities
0
url VCID-1kbp-vb7t-cqdw
vulnerability_id VCID-1kbp-vb7t-cqdw
summary The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
references
0
reference_url http://advisories.mageia.org/MGASA-2014-0028.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://advisories.mageia.org/MGASA-2014-0028.html
1
reference_url http://jinja.pocoo.org/docs/changelog
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://jinja.pocoo.org/docs/changelog
2
reference_url http://jinja.pocoo.org/docs/changelog/
reference_id
reference_type
scores
url http://jinja.pocoo.org/docs/changelog/
3
reference_url http://openwall.com/lists/oss-security/2014/01/10/2
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/10/2
4
reference_url http://openwall.com/lists/oss-security/2014/01/10/3
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/10/3
5
reference_url http://rhn.redhat.com/errata/RHSA-2014-0747.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0747.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2014-0748.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0748.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1402.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1402.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1402
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26615
published_at 2026-04-16T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26716
published_at 2026-04-01T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26763
published_at 2026-04-02T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26804
published_at 2026-04-04T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26587
published_at 2026-04-07T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26655
published_at 2026-04-08T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26705
published_at 2026-04-09T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26709
published_at 2026-04-11T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26665
published_at 2026-04-12T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26608
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1402
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1402
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1402
12
reference_url http://secunia.com/advisories/56287
reference_id
reference_type
scores
url http://secunia.com/advisories/56287
13
reference_url http://secunia.com/advisories/58783
reference_id
reference_type
scores
url http://secunia.com/advisories/58783
14
reference_url http://secunia.com/advisories/58918
reference_id
reference_type
scores
url http://secunia.com/advisories/58918
15
reference_url http://secunia.com/advisories/59017
reference_id
reference_type
scores
url http://secunia.com/advisories/59017
16
reference_url http://secunia.com/advisories/60738
reference_id
reference_type
scores
url http://secunia.com/advisories/60738
17
reference_url http://secunia.com/advisories/60770
reference_id
reference_type
scores
url http://secunia.com/advisories/60770
18
reference_url https://github.com/advisories/GHSA-8r7q-cvjq-x353
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8r7q-cvjq-x353
19
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-8.yaml
20
reference_url https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
21
reference_url https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150523060528/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:096/?name=MDVSA-2014:096
22
reference_url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
23
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1402
reference_id CVE-2014-1402
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1402
25
reference_url https://security.gentoo.org/glsa/201408-13
reference_id GLSA-201408-13
reference_type
scores
url https://security.gentoo.org/glsa/201408-13
26
reference_url https://access.redhat.com/errata/RHSA-2014:0747
reference_id RHSA-2014:0747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0747
27
reference_url https://access.redhat.com/errata/RHSA-2014:0748
reference_id RHSA-2014:0748
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0748
28
reference_url https://usn.ubuntu.com/2301-1/
reference_id USN-2301-1
reference_type
scores
url https://usn.ubuntu.com/2301-1/
fixed_packages
0
url pkg:pypi/jinja2@2.7.2
purl pkg:pypi/jinja2@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-6fxc-s6ht-x7ht
2
vulnerability VCID-6wxf-ewtr-z3hb
3
vulnerability VCID-8vr3-83b4-hqd2
4
vulnerability VCID-at54-9w17-wbe8
5
vulnerability VCID-grgy-jhzr-tyhe
6
vulnerability VCID-jpa1-g154-1ye8
7
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.2
aliases CVE-2014-1402, GHSA-8r7q-cvjq-x353, PYSEC-2014-8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kbp-vb7t-cqdw
1
url VCID-23hx-apt2-77bn
vulnerability_id VCID-23hx-apt2-77bn
summary 
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32859
published_at 2026-04-13T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36227
published_at 2026-04-16T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.43939
published_at 2026-04-08T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.43888
published_at 2026-04-07T12:55:00Z
4
value 0.00214
scoring_system epss
scoring_elements 0.43958
published_at 2026-04-11T12:55:00Z
5
value 0.00214
scoring_system epss
scoring_elements 0.43936
published_at 2026-04-02T12:55:00Z
6
value 0.00214
scoring_system epss
scoring_elements 0.43925
published_at 2026-04-12T12:55:00Z
7
value 0.00214
scoring_system epss
scoring_elements 0.43941
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
6
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
7
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27516
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
reference_id 1099690
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
reference_id 2350190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350190
12
reference_url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
reference_id GHSA-cpwx-vrp4-4pq7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
13
reference_url https://access.redhat.com/errata/RHSA-2025:2664
reference_id RHSA-2025:2664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2664
14
reference_url https://access.redhat.com/errata/RHSA-2025:2688
reference_id RHSA-2025:2688
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2688
15
reference_url https://access.redhat.com/errata/RHSA-2025:3017
reference_id RHSA-2025:3017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3017
16
reference_url https://access.redhat.com/errata/RHSA-2025:3111
reference_id RHSA-2025:3111
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3111
17
reference_url https://access.redhat.com/errata/RHSA-2025:3113
reference_id RHSA-2025:3113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3113
18
reference_url https://access.redhat.com/errata/RHSA-2025:3123
reference_id RHSA-2025:3123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3123
19
reference_url https://access.redhat.com/errata/RHSA-2025:3124
reference_id RHSA-2025:3124
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3124
20
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
21
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
22
reference_url https://access.redhat.com/errata/RHSA-2025:3371
reference_id RHSA-2025:3371
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3371
23
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
24
reference_url https://access.redhat.com/errata/RHSA-2025:3388
reference_id RHSA-2025:3388
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3388
25
reference_url https://access.redhat.com/errata/RHSA-2025:3406
reference_id RHSA-2025:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3406
26
reference_url https://access.redhat.com/errata/RHSA-2025:3562
reference_id RHSA-2025:3562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3562
27
reference_url https://access.redhat.com/errata/RHSA-2025:3568
reference_id RHSA-2025:3568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3568
28
reference_url https://access.redhat.com/errata/RHSA-2025:3580
reference_id RHSA-2025:3580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3580
29
reference_url https://access.redhat.com/errata/RHSA-2025:3585
reference_id RHSA-2025:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3585
30
reference_url https://access.redhat.com/errata/RHSA-2025:3586
reference_id RHSA-2025:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3586
31
reference_url https://access.redhat.com/errata/RHSA-2025:3588
reference_id RHSA-2025:3588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3588
32
reference_url https://access.redhat.com/errata/RHSA-2025:3595
reference_id RHSA-2025:3595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3595
33
reference_url https://access.redhat.com/errata/RHSA-2025:3622
reference_id RHSA-2025:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3622
34
reference_url https://access.redhat.com/errata/RHSA-2025:3671
reference_id RHSA-2025:3671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3671
35
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
36
reference_url https://access.redhat.com/errata/RHSA-2025:3779
reference_id RHSA-2025:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3779
37
reference_url https://access.redhat.com/errata/RHSA-2025:3789
reference_id RHSA-2025:3789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3789
38
reference_url https://access.redhat.com/errata/RHSA-2025:4018
reference_id RHSA-2025:4018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4018
39
reference_url https://access.redhat.com/errata/RHSA-2025:4203
reference_id RHSA-2025:4203
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4203
40
reference_url https://access.redhat.com/errata/RHSA-2025:4408
reference_id RHSA-2025:4408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4408
41
reference_url https://access.redhat.com/errata/RHSA-2025:4431
reference_id RHSA-2025:4431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4431
42
reference_url https://access.redhat.com/errata/RHSA-2025:4730
reference_id RHSA-2025:4730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4730
43
reference_url https://access.redhat.com/errata/RHSA-2025:7476
reference_id RHSA-2025:7476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7476
44
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.6
purl pkg:pypi/jinja2@3.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.6
aliases CVE-2025-27516, GHSA-cpwx-vrp4-4pq7
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hx-apt2-77bn
2
url VCID-6fxc-s6ht-x7ht
vulnerability_id VCID-6fxc-s6ht-x7ht
summary In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1022
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1022
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1260
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1260
5
reference_url https://access.redhat.com/errata/RHSA-2019:3964
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3964
6
reference_url https://access.redhat.com/errata/RHSA-2019:4062
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4062
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
reference_id
reference_type
scores
0
value 0.01022
scoring_system epss
scoring_elements 0.77199
published_at 2026-04-07T12:55:00Z
1
value 0.01022
scoring_system epss
scoring_elements 0.77246
published_at 2026-04-12T12:55:00Z
2
value 0.01022
scoring_system epss
scoring_elements 0.77243
published_at 2026-04-13T12:55:00Z
3
value 0.01022
scoring_system epss
scoring_elements 0.77282
published_at 2026-04-16T12:55:00Z
4
value 0.01022
scoring_system epss
scoring_elements 0.77188
published_at 2026-04-02T12:55:00Z
5
value 0.01022
scoring_system epss
scoring_elements 0.77217
published_at 2026-04-04T12:55:00Z
6
value 0.01022
scoring_system epss
scoring_elements 0.77182
published_at 2026-04-01T12:55:00Z
7
value 0.01022
scoring_system epss
scoring_elements 0.77231
published_at 2026-04-08T12:55:00Z
8
value 0.01022
scoring_system epss
scoring_elements 0.77239
published_at 2026-04-09T12:55:00Z
9
value 0.01022
scoring_system epss
scoring_elements 0.77266
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
12
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
13
reference_url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
15
reference_url https://palletsprojects.com/blog/jinja-281-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-281-released
16
reference_url https://palletsprojects.com/blog/jinja-281-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/jinja-281-released/
17
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
18
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
19
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
20
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
reference_id 1698345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
reference_id CVE-2016-10745
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
fixed_packages
0
url pkg:pypi/jinja2@2.8.1
purl pkg:pypi/jinja2@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-6wxf-ewtr-z3hb
2
vulnerability VCID-8vr3-83b4-hqd2
3
vulnerability VCID-at54-9w17-wbe8
4
vulnerability VCID-jpa1-g154-1ye8
5
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.8.1
aliases CVE-2016-10745, GHSA-hj2j-77xm-mc5v, PYSEC-2019-220
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fxc-s6ht-x7ht
3
url VCID-6wxf-ewtr-z3hb
vulnerability_id VCID-6wxf-ewtr-z3hb
summary In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1152
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1152
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1329
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1329
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
reference_id
reference_type
scores
0
value 0.03483
scoring_system epss
scoring_elements 0.87518
published_at 2026-04-01T12:55:00Z
1
value 0.03483
scoring_system epss
scoring_elements 0.87528
published_at 2026-04-02T12:55:00Z
2
value 0.03483
scoring_system epss
scoring_elements 0.87542
published_at 2026-04-04T12:55:00Z
3
value 0.03483
scoring_system epss
scoring_elements 0.87544
published_at 2026-04-07T12:55:00Z
4
value 0.03483
scoring_system epss
scoring_elements 0.87563
published_at 2026-04-08T12:55:00Z
5
value 0.03483
scoring_system epss
scoring_elements 0.8757
published_at 2026-04-09T12:55:00Z
6
value 0.03483
scoring_system epss
scoring_elements 0.87581
published_at 2026-04-11T12:55:00Z
7
value 0.03483
scoring_system epss
scoring_elements 0.87577
published_at 2026-04-12T12:55:00Z
8
value 0.03483
scoring_system epss
scoring_elements 0.87573
published_at 2026-04-13T12:55:00Z
9
value 0.03483
scoring_system epss
scoring_elements 0.87588
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/advisories/GHSA-462w-v97r-4m45
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-462w-v97r-4m45
10
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
12
reference_url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
37
reference_url https://palletsprojects.com/blog/jinja-2-10-1-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-2-10-1-released
38
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
39
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
40
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
41
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
42
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
reference_id 1698839
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
reference_id 926602
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
reference_id CVE-2019-10906
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
fixed_packages
0
url pkg:pypi/jinja2@2.10.1
purl pkg:pypi/jinja2@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-at54-9w17-wbe8
3
vulnerability VCID-jpa1-g154-1ye8
4
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.10.1
aliases CVE-2019-10906, GHSA-462w-v97r-4m45, PYSEC-2019-217
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wxf-ewtr-z3hb
4
url VCID-8vr3-83b4-hqd2
vulnerability_id VCID-8vr3-83b4-hqd2
summary 
Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56465
published_at 2026-04-13T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56484
published_at 2026-04-12T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56508
published_at 2026-04-11T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56498
published_at 2026-04-16T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.56493
published_at 2026-04-08T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.56442
published_at 2026-04-07T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.5646
published_at 2026-04-04T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.56438
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
reference_id 1091331
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
reference_id 2333856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
12
reference_url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
reference_id GHSA-q2x7-8rv6-6q7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
13
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
14
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
15
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
16
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
17
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
18
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
19
reference_url https://access.redhat.com/errata/RHSA-2025:0667
reference_id RHSA-2025:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0667
20
reference_url https://access.redhat.com/errata/RHSA-2025:0711
reference_id RHSA-2025:0711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0711
21
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
22
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
23
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
24
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
25
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
26
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
27
reference_url https://access.redhat.com/errata/RHSA-2025:0850
reference_id RHSA-2025:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0850
28
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
29
reference_url https://access.redhat.com/errata/RHSA-2025:0883
reference_id RHSA-2025:0883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0883
30
reference_url https://access.redhat.com/errata/RHSA-2025:0950
reference_id RHSA-2025:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0950
31
reference_url https://access.redhat.com/errata/RHSA-2025:0951
reference_id RHSA-2025:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0951
32
reference_url https://access.redhat.com/errata/RHSA-2025:0978
reference_id RHSA-2025:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0978
33
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
34
reference_url https://access.redhat.com/errata/RHSA-2025:1109
reference_id RHSA-2025:1109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1109
35
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
36
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
37
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
38
reference_url https://access.redhat.com/errata/RHSA-2025:1241
reference_id RHSA-2025:1241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1241
39
reference_url https://access.redhat.com/errata/RHSA-2025:1250
reference_id RHSA-2025:1250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1250
40
reference_url https://access.redhat.com/errata/RHSA-2025:1710
reference_id RHSA-2025:1710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1710
41
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
42
reference_url https://access.redhat.com/errata/RHSA-2025:2612
reference_id RHSA-2025:2612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2612
43
reference_url https://access.redhat.com/errata/RHSA-2025:2700
reference_id RHSA-2025:2700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2700
44
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
45
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
46
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
47
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.5
purl pkg:pypi/jinja2@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.5
aliases CVE-2024-56326, GHSA-q2x7-8rv6-6q7h
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vr3-83b4-hqd2
5
url VCID-at54-9w17-wbe8
vulnerability_id VCID-at54-9w17-wbe8
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for the previous GHSA-h5c8-rqwp-cp95 CVE-2024-22195 only addressed spaces but not other characters.

Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34064.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.74723
published_at 2026-04-16T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.74686
published_at 2026-04-13T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.74644
published_at 2026-04-02T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.74714
published_at 2026-04-11T12:55:00Z
4
value 0.00838
scoring_system epss
scoring_elements 0.74691
published_at 2026-04-09T12:55:00Z
5
value 0.00838
scoring_system epss
scoring_elements 0.74677
published_at 2026-04-08T12:55:00Z
6
value 0.00838
scoring_system epss
scoring_elements 0.74645
published_at 2026-04-07T12:55:00Z
7
value 0.00838
scoring_system epss
scoring_elements 0.7467
published_at 2026-04-04T12:55:00Z
8
value 0.00838
scoring_system epss
scoring_elements 0.74694
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34064
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
6
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34064
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
reference_id 1070712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070712
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
reference_id 2279476
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279476
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
reference_id 567XIGSZMABG6TSMYWD7MIYNJSUQQRUC
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
reference_id GCLF44KY43BSVMTE6S53B4V5WP3FRRSE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
17
reference_url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
reference_id GHSA-h75v-3vvj-5mfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h75v-3vvj-5mfj
18
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
19
reference_url https://access.redhat.com/errata/RHSA-2024:3795
reference_id RHSA-2024:3795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3795
20
reference_url https://access.redhat.com/errata/RHSA-2024:3811
reference_id RHSA-2024:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3811
21
reference_url https://access.redhat.com/errata/RHSA-2024:3820
reference_id RHSA-2024:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3820
22
reference_url https://access.redhat.com/errata/RHSA-2024:4231
reference_id RHSA-2024:4231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4231
23
reference_url https://access.redhat.com/errata/RHSA-2024:4404
reference_id RHSA-2024:4404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4404
24
reference_url https://access.redhat.com/errata/RHSA-2024:4414
reference_id RHSA-2024:4414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4414
25
reference_url https://access.redhat.com/errata/RHSA-2024:4427
reference_id RHSA-2024:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4427
26
reference_url https://access.redhat.com/errata/RHSA-2024:4522
reference_id RHSA-2024:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4522
27
reference_url https://access.redhat.com/errata/RHSA-2024:4616
reference_id RHSA-2024:4616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4616
28
reference_url https://access.redhat.com/errata/RHSA-2024:4958
reference_id RHSA-2024:4958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4958
29
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
30
reference_url https://access.redhat.com/errata/RHSA-2024:5810
reference_id RHSA-2024:5810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5810
31
reference_url https://access.redhat.com/errata/RHSA-2024:6011
reference_id RHSA-2024:6011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6011
32
reference_url https://access.redhat.com/errata/RHSA-2024:9150
reference_id RHSA-2024:9150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9150
33
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
reference_id SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
35
reference_url https://usn.ubuntu.com/6787-1/
reference_id USN-6787-1
reference_type
scores
url https://usn.ubuntu.com/6787-1/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
reference_id ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T17:53:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
fixed_packages
0
url pkg:pypi/jinja2@3.1.4
purl pkg:pypi/jinja2@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-jyfq-pjwy-n7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.4
aliases CVE-2024-34064, GHSA-h75v-3vvj-5mfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at54-9w17-wbe8
6
url VCID-grgy-jhzr-tyhe
vulnerability_id VCID-grgy-jhzr-tyhe
summary FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0012.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0012.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0012
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27866
published_at 2026-04-07T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27882
published_at 2026-04-16T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27873
published_at 2026-04-13T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27956
published_at 2026-04-01T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.28029
published_at 2026-04-02T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27932
published_at 2026-04-12T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.27974
published_at 2026-04-11T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27933
published_at 2026-04-08T12:55:00Z
8
value 0.00101
scoring_system epss
scoring_elements 0.28072
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0012
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1051421
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
5
reference_url http://seclists.org/oss-sec/2014/q1/73
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q1/73
6
reference_url http://secunia.com/advisories/56328
reference_id
reference_type
scores
url http://secunia.com/advisories/56328
7
reference_url http://secunia.com/advisories/60738
reference_id
reference_type
scores
url http://secunia.com/advisories/60738
8
reference_url https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
9
reference_url https://github.com/mitsuhiko/jinja2/pull/292
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/pull/292
10
reference_url https://github.com/mitsuhiko/jinja2/pull/296
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mitsuhiko/jinja2/pull/296
11
reference_url https://github.com/pallets/jinja2
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2
12
reference_url https://github.com/pallets/jinja2/pull/292
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2/pull/292
13
reference_url https://github.com/pallets/jinja2/pull/296
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja2/pull/296
14
reference_url https://github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yaml
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0012
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0012
17
reference_url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1052102
reference_id 1052102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1052102
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734956
reference_id 734956
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734956
20
reference_url https://github.com/advisories/GHSA-fqh9-2qgg-h84h
reference_id GHSA-fqh9-2qgg-h84h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqh9-2qgg-h84h
21
reference_url https://security.gentoo.org/glsa/201408-13
reference_id GLSA-201408-13
reference_type
scores
url https://security.gentoo.org/glsa/201408-13
22
reference_url https://usn.ubuntu.com/2301-1/
reference_id USN-2301-1
reference_type
scores
url https://usn.ubuntu.com/2301-1/
fixed_packages
0
url pkg:pypi/jinja2@2.7.2
purl pkg:pypi/jinja2@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-6fxc-s6ht-x7ht
2
vulnerability VCID-6wxf-ewtr-z3hb
3
vulnerability VCID-8vr3-83b4-hqd2
4
vulnerability VCID-at54-9w17-wbe8
5
vulnerability VCID-grgy-jhzr-tyhe
6
vulnerability VCID-jpa1-g154-1ye8
7
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.2
1
url pkg:pypi/jinja2@2.7.3
purl pkg:pypi/jinja2@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-6fxc-s6ht-x7ht
2
vulnerability VCID-6wxf-ewtr-z3hb
3
vulnerability VCID-8vr3-83b4-hqd2
4
vulnerability VCID-at54-9w17-wbe8
5
vulnerability VCID-jpa1-g154-1ye8
6
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.7.3
aliases CVE-2014-0012, GHSA-fqh9-2qgg-h84h, PYSEC-2014-82
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-grgy-jhzr-tyhe
7
url VCID-jpa1-g154-1ye8
vulnerability_id VCID-jpa1-g154-1ye8
summary This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43081
published_at 2026-04-16T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43038
published_at 2026-04-12T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.43073
published_at 2026-04-11T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43037
published_at 2026-04-08T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.42987
published_at 2026-04-07T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.4305
published_at 2026-04-09T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43023
published_at 2026-04-13T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.42963
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g3rq-g295-4j3m
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g3rq-g295-4j3m
5
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
6
reference_url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
7
reference_url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
8
reference_url https://github.com/pallets/jinja/pull/1343
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/pull/1343
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
13
reference_url https://security.gentoo.org/glsa/202107-19
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-19
14
reference_url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
reference_id 1928707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
reference_id 982736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
17
reference_url https://security.archlinux.org/ASA-202102-19
reference_id ASA-202102-19
reference_type
scores
url https://security.archlinux.org/ASA-202102-19
18
reference_url https://security.archlinux.org/AVG-1523
reference_id AVG-1523
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1523
19
reference_url https://access.redhat.com/errata/RHSA-2021:3252
reference_id RHSA-2021:3252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3252
20
reference_url https://access.redhat.com/errata/RHSA-2021:4151
reference_id RHSA-2021:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4151
21
reference_url https://access.redhat.com/errata/RHSA-2021:4161
reference_id RHSA-2021:4161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4161
22
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
23
reference_url https://usn.ubuntu.com/5701-1/
reference_id USN-5701-1
reference_type
scores
url https://usn.ubuntu.com/5701-1/
24
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:pypi/jinja2@2.11.3
purl pkg:pypi/jinja2@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-at54-9w17-wbe8
3
vulnerability VCID-np94-ghhk-nug4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.11.3
aliases CVE-2020-28493, GHSA-g3rq-g295-4j3m, PYSEC-2021-66, SNYK-PYTHON-JINJA2-1012994
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpa1-g154-1ye8
8
url VCID-np94-ghhk-nug4
vulnerability_id VCID-np94-ghhk-nug4
summary 
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35722
published_at 2026-04-16T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35681
published_at 2026-04-13T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35704
published_at 2026-04-12T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.3574
published_at 2026-04-09T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35749
published_at 2026-04-11T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35765
published_at 2026-04-02T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35791
published_at 2026-04-04T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35671
published_at 2026-04-07T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35717
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/releases/tag/3.1.3
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22195
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
reference_id 1060748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060748
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
reference_id 2257854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2257854
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
reference_id 5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
reference_id DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/
18
reference_url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
reference_id GHSA-h5c8-rqwp-cp95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5c8-rqwp-cp95
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
reference_id O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-11T19:50:04Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/
20
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
21
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
22
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
23
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
24
reference_url https://access.redhat.com/errata/RHSA-2024:2348
reference_id RHSA-2024:2348
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2348
25
reference_url https://access.redhat.com/errata/RHSA-2024:2733
reference_id RHSA-2024:2733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2733
26
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
27
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
28
reference_url https://access.redhat.com/errata/RHSA-2024:3102
reference_id RHSA-2024:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3102
29
reference_url https://access.redhat.com/errata/RHSA-2024:3927
reference_id RHSA-2024:3927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3927
30
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:pypi/jinja2@3.1.3
purl pkg:pypi/jinja2@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hx-apt2-77bn
1
vulnerability VCID-8vr3-83b4-hqd2
2
vulnerability VCID-at54-9w17-wbe8
3
vulnerability VCID-jyfq-pjwy-n7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@3.1.3
aliases CVE-2024-22195, GHSA-h5c8-rqwp-cp95
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-np94-ghhk-nug4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jinja2@2.1