126 matches found
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
Jenkins plugin Templating Engine 代码注入漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A code injection...
PT-2025-14512 · Jenkins · Jenkins Templating Engine Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Templating Engine Plugin versions 2.5.3 and earlier Description: The issue allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM, due to libraries defined in folders not...
Amazon Linux 2023 : python3-jinja2 (ALAS2023-2025-894)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-894 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template t...
Amazon Linux 2 : python3-jinja2 (ALAS-2025-2793)
The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2793 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1305)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1306)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1246)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1282)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-27516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker...
AZL-58063 CVE-2025-27516 affecting package nodejs18 for versions less than 18.20.3-5
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2025-27516
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2025-27516 Jinja sandbox breakout through attr filter selecting format method
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
Linux Distros Unpatched Vulnerability : CVE-2024-34064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes...
Linux Distros Unpatched Vulnerability : CVE-2015-5215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of the Jinja templating engine used in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping,...
Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-56201)
The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56201 advisory. - Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the...
EulerOS 2.0 SP11 : python-jinja2 (EulerOS-SA-2025-1145)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format...
Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-56326)
The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56326 advisory. - Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed...
ALPINE-CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability...
CVE-2024-56326
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...