109 matches found
ROOT-APP-PYPI-CVE-2024-34064 CVE-2024-34064 in rootio-Jinja2 - Patched by Root
Root has patched CVE-2024-34064 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...
RHCOS 4 / 9 : OpenShift Container Platform 4.16.4 (RHSA-2024:4616)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4616 advisory. - golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 - jinja2: accepts keys containing non-attribute...
RHCOS 9 : OpenShift Container Platform 4.15.25 (RHSA-2024:4958)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4958 advisory. - jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Note that Nessus has not tested for this issue but has instead reli...
MiracleLinux 8 : python-jinja2-2.10.1-5.el8_10 (AXSA:2024-8524:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8524:03 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : python-jinja2-2.11.3-6.el9 (AXSA:2024-9263:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9263:04 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : fence-agents-4.10.0-62.el9_4.3 (AXSA:2024-8287:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8287:07 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 CVE-2024-34064 Jinja is an extensible templating engine. The xmlattr filter in affect...
TencentOS Server 3: python-jinja2 (TSSA-2024:0306)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0306 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-34064]
Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...
Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2024-34064].
Summary The Jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-34064. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...
CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...
RockyLinux 9 : python-jinja2 (RLSA-2024:9150)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:9150 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the RockyLinux securit...
python-jinja2 security update
An update is available for python-jinja2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-jinja2 package contains Jinja2, a template engine written in...
RLSA-2024:9150 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: accepts keys containing non-attribute characters CVE-2024-34064 For...
Security Bulletin: Vulnerability in Jinja affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Jinja has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-34064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes...
CVE-2024-34064 affecting package nodejs18 for versions less than 18.20.3-4
CVE-2024-34064 affecting package nodejs18 for versions less than 18.20.3-4. A patched version of the package is available...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2024-34064)
The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34064 advisory. - Jinja is an extensible templating engine. The xmlattr filter in affected versions...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter bsc1223980, bsc1218722 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting,...
Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...