expat: Integer overflow in lookup in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

OESA-2025-1532 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

Fedora 40 : python-jinja2 (2025-8b6aa24ab4)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8b6aa24ab4 advisory. Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. Tenable has...

Sandbox Bypass

Jinja is vulnerable to sandbox bypass. The vulnerability is due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter, allowing attackers to execute arbitrary code execution ACE by bypassing the sandbox's attribute lookup...