It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.

OSVersionArchitecturePackageVersionFilename
Mageia9noarchpython-jinja2< 3.1.4-1python-jinja2-3.1.4-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	python-jinja2	< 3.1.4-1	python-jinja2-3.1.4-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=33253

ubuntu.com/security/notices/USN-6599-1

nessus 55

osv 15

github 2

debiancve 2

vulnrichment 1

cve 2

ubuntucve 2

openvas 21

redhatcve 2

cvelist 2

nvd 2

fedora 7

cbl_mariner 2

rocky 3

cgr 2

veracode 2

ubuntu 2

almalinux 6

redhat 12

oraclelinux 6

wolfi 2

debian 1

ibm 13

prion 1

amazon 2

oracle 1

nessus

Fedora 40 : mingw-python-jinja2 (2024-e3caf31c98)

2024-05-16 00:00:00

RHEL 7 : jinja2 (Unpatched Vulnerability)

2024-05-11 00:00:00

RHEL 6 : jinja2 (Unpatched Vulnerability)

2024-05-11 00:00:00

osv

CVE-2024-34064

2024-05-06 15:15:23

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

2024-05-06 14:20:59

Moderate: fence-agents security update

2024-06-14 14:00:40

github

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

2024-05-06 14:20:59

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

2024-01-11 15:20:48

debiancve

CVE-2024-34064

2024-05-06 15:15:23

CVE-2024-22195

2024-01-11 03:15:11

vulnrichment

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

2024-05-06 14:41:39

cve

CVE-2024-34064

2024-05-06 15:15:23

CVE-2024-22195

2024-01-11 03:15:11

ubuntucve

CVE-2024-34064

2024-05-06 00:00:00

CVE-2024-22195

2024-01-11 00:00:00

openvas

Mageia: Security Advisory (MGASA-2024-0199)

2024-06-03 00:00:00

Fedora: Security Advisory for python-jinja2 (FEDORA-2024-ce7649d28e)

2024-06-07 00:00:00

Ubuntu: Security Advisory (USN-6787-1)

2024-05-29 00:00:00

redhatcve

CVE-2024-34064

2024-05-07 06:54:54

CVE-2024-22195

2024-01-11 11:04:16

cvelist

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

2024-05-06 14:41:39

CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)

2024-01-11 02:25:44

nvd

CVE-2024-34064

2024-05-06 15:15:23

CVE-2024-22195

2024-01-11 03:15:11

fedora

[SECURITY] Fedora 40 Update: python-jinja2-3.1.4-1.fc40

2024-05-23 01:09:34

[SECURITY] Fedora 39 Update: python-jinja2-3.1.4-1.fc39

2024-06-01 01:12:44

[SECURITY] Fedora 39 Update: mingw-python-jinja2-3.1.3-1.fc39

2024-01-23 00:58:55

cbl_mariner

CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4

2024-06-12 22:23:00

CVE-2024-22195 affecting package python-jinja2 for versions less than 3.0.3-3

2024-02-25 03:00:06

rocky

fence-agents security update

2024-06-14 14:00:40

python-jinja2 security update

2024-06-14 13:59:30

fence-agents security and bug fix update

2024-06-14 13:59:30

cgr

CVE-2024-34064 vulnerabilities

2024-05-19 03:07:16

CVE-2024-22195 vulnerabilities

2024-05-19 03:07:16

veracode

Cross-site Scripting (XSS)

2024-05-08 08:24:34

Cross Site Scripting (XSS)

2024-01-12 10:04:04

ubuntu

Jinja2 vulnerability

2024-05-28 00:00:00

Jinja2 vulnerabilities

2024-01-25 00:00:00

almalinux

Moderate: fence-agents security update

2024-06-11 00:00:00

Moderate: python-jinja2 security update

2024-05-22 00:00:00

Moderate: python-jinja2 security update

2024-04-30 00:00:00

redhat

(RHSA-2024:2348) Moderate: python-jinja2 security update

2024-04-30 06:15:27

(RHSA-2024:2733) Moderate: Red Hat OpenStack Platform 17.1 (openstack-ansible-core) security update

2024-05-22 20:31:47

(RHSA-2024:3102) Moderate: python-jinja2 security update

2024-05-22 06:35:37

oraclelinux

fence-agents security update

2024-06-11 00:00:00

python-jinja2 security update

2024-05-02 00:00:00

python-jinja2 security update

2024-05-23 00:00:00

wolfi

CVE-2024-34064 vulnerabilities

2024-06-18 09:08:19

CVE-2024-22195 vulnerabilities

2024-06-18 09:08:19

debian

[SECURITY] [DLA 3715-1] jinja2 security update

2024-01-23 17:31:34

ibm

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-22195

2024-03-29 10:43:29

Security Bulletin: IBM Maximo Application Suite and IBM Truststore Manager uses Jinja2-3.1.2-py3-none-any.whl and Jinja2-3.0.3-py3-none-any.whl which is vulnerable to CVE-2024-22195

2024-04-01 09:41:47

Security Bulletin: Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl is vulnerable to CVE-2024-22195 used in IBM Maximo Application Suite - Edge Data Collector

2024-04-10 10:49:58

prion

Cross site scripting

2024-01-11 03:15:00

amazon

Medium: python-jinja2

2024-02-01 19:57:00

Medium: python3-jinja2

2024-02-01 19:57:00

oracle

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

Related for MGASA-2024-0199