49 matches found
Azure Linux 3.0 Security Update: nodejs (CVE-2019-10906)
The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-10906 advisory. - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Nessus has n...
EUVD-2019-0068
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-10745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. CVE-2016-10745 Note that Nessus relies on the presence of the package as reported by the...
In Pallets Jinja before 2.10.1 str.format_map allows a sandbox escape.
...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to cross-site scripting due to Jinja ( CVE-2024-22195 )
Summary Jinja is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the xmlattr filter. A remote authenticated...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Jinja cross-site scripting [ CVE-2024-22195]
Summary Potential Pallets Jinja cross-site scripting CVE-2024-22195 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION:...
Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Jinja2 (CVE-2024-22195)
Summary Jinja2 is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by...
Important: python3-jinja2
Issue Overview: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Affected Packages: python3-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Pallets Jinja Cross-Site Scripting Vulnerability
Pallets Jinja is a template engine written in the Python language. A security vulnerability exists in Pallets Jinja versions prior to 3.1.4, which stems from the fact that Jinja is susceptible to HTML attribute injection when passing user input as a key to the xmlattr filter...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-28102 DESCRIPTION: JWCrypto is vulnerable to a...
Security Bulletin: Vulnerabilities in cryptography and Jinja [CVE-2023-50782, CVE-2024-22195]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in cryptography and Jinja which include obtain sensitive information and cross-site scripting, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have...
Security Bulletin: Vulnerabilities in Python packages might affect IBM Storage Defender – Resiliency Service (CVE-2024-22195, CVE-2024-26130, CVE-2023-50782)
Summary IBM Storage Defender – Resiliency Service is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...
Rocky Linux 8 : python-jinja2 (RLSA-2019:1152)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2019:1152 advisory. - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Nessus has not tested for this issue but has instead relied onl...
SUSE CVE-2016-10745
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape...
SUSE CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2430)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : python-jinja2 (EulerOS-SA-2021-1838)
According to the version of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Tenable Network Security has extracted the...
EulerOS 2.0 SP5 : python-jinja2 (EulerOS-SA-2020-1127)
According to the version of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Tenable Network Security has extracted the...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2019-1816)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 that allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...