History: Jul 02, 2024 - 1:54 p.m.

(RHSA-2024:4231) Moderate: python-jinja2 security update

2024-07-02 13:54:35
access.redhat.com
python-jinja2 package
security update
non-xml syntax
inline expressions
sandboxed environment
cve-2024-34064
cvss score

CVSS3: 5.4

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score: 5.6

Confidence: High

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Security Fix(es):

  • jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OS      OS Version  Architecture  Package         Package Version    Filename
RedHat  8           noarch        python3-jinja2  < 2.10.1-5.el8_10  python3-jinja2-2.10.1-5.el8_10.noarch.rpm
