Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/python-jinja2@3.1.5-1?arch=el8pc
Typerpm
Namespaceredhat
Namepython-jinja2
Version3.1.5-1
Qualifiers
arch el8pc
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-8vr3-83b4-hqd2
vulnerability_id VCID-8vr3-83b4-hqd2
summary 
Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56326.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56438
published_at 2026-04-02T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56465
published_at 2026-04-13T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56484
published_at 2026-04-12T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56508
published_at 2026-04-11T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.56498
published_at 2026-04-16T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.56493
published_at 2026-04-08T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.56442
published_at 2026-04-07T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.5646
published_at 2026-04-04T12:55:00Z
8
value 0.0042
scoring_system epss
scoring_elements 0.62016
published_at 2026-05-12T12:55:00Z
9
value 0.0042
scoring_system epss
scoring_elements 0.61989
published_at 2026-05-11T12:55:00Z
10
value 0.0042
scoring_system epss
scoring_elements 0.62034
published_at 2026-05-09T12:55:00Z
11
value 0.0042
scoring_system epss
scoring_elements 0.61974
published_at 2026-05-07T12:55:00Z
12
value 0.00456
scoring_system epss
scoring_elements 0.63948
published_at 2026-04-26T12:55:00Z
13
value 0.00456
scoring_system epss
scoring_elements 0.6392
published_at 2026-04-21T12:55:00Z
14
value 0.00456
scoring_system epss
scoring_elements 0.63929
published_at 2026-04-18T12:55:00Z
15
value 0.00456
scoring_system epss
scoring_elements 0.63936
published_at 2026-04-24T12:55:00Z
16
value 0.00456
scoring_system epss
scoring_elements 0.63919
published_at 2026-05-05T12:55:00Z
17
value 0.00456
scoring_system epss
scoring_elements 0.63946
published_at 2026-04-29T12:55:00Z
18
value 0.0057
scoring_system epss
scoring_elements 0.68787
published_at 2026-05-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56326
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
5
reference_url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-27T17:50:50Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56326
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
reference_id 1091331
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091331
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
reference_id 2333856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333856
12
reference_url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
reference_id GHSA-q2x7-8rv6-6q7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2x7-8rv6-6q7h
13
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
14
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
15
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
16
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
17
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
18
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
19
reference_url https://access.redhat.com/errata/RHSA-2025:0667
reference_id RHSA-2025:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0667
20
reference_url https://access.redhat.com/errata/RHSA-2025:0711
reference_id RHSA-2025:0711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0711
21
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
22
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
23
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
24
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
25
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
26
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
27
reference_url https://access.redhat.com/errata/RHSA-2025:0850
reference_id RHSA-2025:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0850
28
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
29
reference_url https://access.redhat.com/errata/RHSA-2025:0883
reference_id RHSA-2025:0883
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0883
30
reference_url https://access.redhat.com/errata/RHSA-2025:0950
reference_id RHSA-2025:0950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0950
31
reference_url https://access.redhat.com/errata/RHSA-2025:0951
reference_id RHSA-2025:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0951
32
reference_url https://access.redhat.com/errata/RHSA-2025:0978
reference_id RHSA-2025:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0978
33
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
34
reference_url https://access.redhat.com/errata/RHSA-2025:1109
reference_id RHSA-2025:1109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1109
35
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
36
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
37
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
38
reference_url https://access.redhat.com/errata/RHSA-2025:1241
reference_id RHSA-2025:1241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1241
39
reference_url https://access.redhat.com/errata/RHSA-2025:1250
reference_id RHSA-2025:1250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1250
40
reference_url https://access.redhat.com/errata/RHSA-2025:1710
reference_id RHSA-2025:1710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1710
41
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
42
reference_url https://access.redhat.com/errata/RHSA-2025:2612
reference_id RHSA-2025:2612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2612
43
reference_url https://access.redhat.com/errata/RHSA-2025:2700
reference_id RHSA-2025:2700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2700
44
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
45
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
46
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
47
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
aliases CVE-2024-56326, GHSA-q2x7-8rv6-6q7h
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vr3-83b4-hqd2
1
url VCID-duvn-u125-dqan
vulnerability_id VCID-duvn-u125-dqan
summary 
Requests `Session` object does not verify requests after making first request with verify=False
When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later.

This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity.

This behavior affects versions of `requests` prior to 2.32.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35195.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35195
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13654
published_at 2026-04-11T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13536
published_at 2026-04-26T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13564
published_at 2026-04-24T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13552
published_at 2026-04-21T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13481
published_at 2026-04-18T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13485
published_at 2026-04-16T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.1357
published_at 2026-04-13T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13691
published_at 2026-04-02T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13752
published_at 2026-04-04T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13553
published_at 2026-04-07T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13633
published_at 2026-04-08T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13685
published_at 2026-04-09T12:55:00Z
12
value 0.00044
scoring_system epss
scoring_elements 0.13618
published_at 2026-04-12T12:55:00Z
13
value 0.00046
scoring_system epss
scoring_elements 0.14158
published_at 2026-05-14T12:55:00Z
14
value 0.00046
scoring_system epss
scoring_elements 0.14059
published_at 2026-05-12T12:55:00Z
15
value 0.00046
scoring_system epss
scoring_elements 0.14016
published_at 2026-05-11T12:55:00Z
16
value 0.00046
scoring_system epss
scoring_elements 0.14026
published_at 2026-05-09T12:55:00Z
17
value 0.00046
scoring_system epss
scoring_elements 0.1394
published_at 2026-05-07T12:55:00Z
18
value 0.00046
scoring_system epss
scoring_elements 0.1378
published_at 2026-05-05T12:55:00Z
19
value 0.00046
scoring_system epss
scoring_elements 0.13899
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/psf/requests
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/psf/requests
5
reference_url https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/
url https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
6
reference_url https://github.com/psf/requests/pull/6655
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/
url https://github.com/psf/requests/pull/6655
7
reference_url https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/
url https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35195
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35195
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071593
reference_id 1071593
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071593
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2282114
reference_id 2282114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2282114
13
reference_url https://github.com/advisories/GHSA-9wx4-h78v-vm56
reference_id GHSA-9wx4-h78v-vm56
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wx4-h78v-vm56
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
reference_id IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
reference_id N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2024:4522
reference_id RHSA-2024:4522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4522
18
reference_url https://access.redhat.com/errata/RHSA-2024:9988
reference_id RHSA-2024:9988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9988
19
reference_url https://access.redhat.com/errata/RHSA-2025:0012
reference_id RHSA-2025:0012
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0012
20
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
21
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
22
reference_url https://access.redhat.com/errata/RHSA-2025:7049
reference_id RHSA-2025:7049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7049
23
reference_url https://access.redhat.com/errata/RHSA-2025:8385
reference_id RHSA-2025:8385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8385
fixed_packages
aliases CVE-2024-35195, GHSA-9wx4-h78v-vm56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duvn-u125-dqan
2
url VCID-jyfq-pjwy-n7gg
vulnerability_id VCID-jyfq-pjwy-n7gg
summary 
Jinja has a sandbox breakout through malicious filenames
A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.

To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56201.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56201
reference_id
reference_type
scores
0
value 0.00423
scoring_system epss
scoring_elements 0.62127
published_at 2026-05-07T12:55:00Z
1
value 0.00423
scoring_system epss
scoring_elements 0.62167
published_at 2026-05-12T12:55:00Z
2
value 0.00423
scoring_system epss
scoring_elements 0.62141
published_at 2026-05-11T12:55:00Z
3
value 0.00423
scoring_system epss
scoring_elements 0.62186
published_at 2026-05-09T12:55:00Z
4
value 0.00459
scoring_system epss
scoring_elements 0.64001
published_at 2026-04-02T12:55:00Z
5
value 0.00459
scoring_system epss
scoring_elements 0.64088
published_at 2026-04-29T12:55:00Z
6
value 0.00459
scoring_system epss
scoring_elements 0.6409
published_at 2026-04-26T12:55:00Z
7
value 0.00459
scoring_system epss
scoring_elements 0.64077
published_at 2026-04-24T12:55:00Z
8
value 0.00459
scoring_system epss
scoring_elements 0.64058
published_at 2026-04-21T12:55:00Z
9
value 0.00459
scoring_system epss
scoring_elements 0.64054
published_at 2026-04-12T12:55:00Z
10
value 0.00459
scoring_system epss
scoring_elements 0.64068
published_at 2026-04-11T12:55:00Z
11
value 0.00459
scoring_system epss
scoring_elements 0.64056
published_at 2026-05-05T12:55:00Z
12
value 0.00459
scoring_system epss
scoring_elements 0.64039
published_at 2026-04-08T12:55:00Z
13
value 0.00459
scoring_system epss
scoring_elements 0.63988
published_at 2026-04-07T12:55:00Z
14
value 0.00459
scoring_system epss
scoring_elements 0.64029
published_at 2026-04-04T12:55:00Z
15
value 0.00459
scoring_system epss
scoring_elements 0.64071
published_at 2026-04-18T12:55:00Z
16
value 0.00459
scoring_system epss
scoring_elements 0.64059
published_at 2026-04-16T12:55:00Z
17
value 0.00459
scoring_system epss
scoring_elements 0.64024
published_at 2026-04-13T12:55:00Z
18
value 0.00573
scoring_system epss
scoring_elements 0.68897
published_at 2026-05-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56201
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
4
reference_url https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
5
reference_url https://github.com/pallets/jinja/issues/1792
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/issues/1792
6
reference_url https://github.com/pallets/jinja/releases/tag/3.1.5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/releases/tag/3.1.5
7
reference_url https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-24T01:44:55Z/
url https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56201
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56201
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091329
reference_id 1091329
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091329
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333854
reference_id 2333854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333854
11
reference_url https://github.com/advisories/GHSA-gmj6-6f8f-6699
reference_id GHSA-gmj6-6f8f-6699
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmj6-6f8f-6699
12
reference_url https://access.redhat.com/errata/RHSA-2025:0308
reference_id RHSA-2025:0308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0308
13
reference_url https://access.redhat.com/errata/RHSA-2025:0335
reference_id RHSA-2025:0335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0335
14
reference_url https://access.redhat.com/errata/RHSA-2025:0338
reference_id RHSA-2025:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0338
15
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
16
reference_url https://access.redhat.com/errata/RHSA-2025:0345
reference_id RHSA-2025:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0345
17
reference_url https://access.redhat.com/errata/RHSA-2025:0656
reference_id RHSA-2025:0656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0656
18
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
19
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
20
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
21
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
22
reference_url https://access.redhat.com/errata/RHSA-2025:0834
reference_id RHSA-2025:0834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0834
23
reference_url https://access.redhat.com/errata/RHSA-2025:0842
reference_id RHSA-2025:0842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0842
24
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
25
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
26
reference_url https://access.redhat.com/errata/RHSA-2025:1118
reference_id RHSA-2025:1118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1118
27
reference_url https://access.redhat.com/errata/RHSA-2025:1123
reference_id RHSA-2025:1123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1123
28
reference_url https://access.redhat.com/errata/RHSA-2025:1130
reference_id RHSA-2025:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1130
29
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
30
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
31
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
32
reference_url https://access.redhat.com/errata/RHSA-2025:3491
reference_id RHSA-2025:3491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3491
33
reference_url https://usn.ubuntu.com/7244-1/
reference_id USN-7244-1
reference_type
scores
url https://usn.ubuntu.com/7244-1/
34
reference_url https://usn.ubuntu.com/7343-1/
reference_id USN-7343-1
reference_type
scores
url https://usn.ubuntu.com/7343-1/
fixed_packages
aliases CVE-2024-56201, GHSA-gmj6-6f8f-6699
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyfq-pjwy-n7gg
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-jinja2@3.1.5-1%3Farch=el8pc