3 matches found
voice-agent-tequity (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-44209 via banks (=2.2.0)
banks PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on banks and may be impacted: - voice-agent-tequity =0.1.0, =0.1.1 Source cves: CVE-2026-44209 Source advisory: OSV:GHSA-GPHH-9Q3H-JGPP...
banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
Summary banks = 2.4.1 uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection SSTI, which can lead to Remote Code Execution RCE on the host system. This is a...
PT-2026-39237
Name of the Vulnerable Software and Affected Versions banks versions prior to 2.4.2 Description Server-Side Template Injection SSTI occurs when applications pass user-supplied strings directly as template arguments to the Prompt function. This happens because the software uses jinja2.Environment ...