RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-ansible-core) (RHSA-2024:2733)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2733 advisory. An ansible-core rebuild for OpenStack based on python 3.9. Security Fixes: HTML attribute injection when passing user input as keys to xmlattr filter...

ALSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

...

RHEL 6 : jinja2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 - Jinja...

RHEL 7 : jinja2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 - Jinja...

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

Pallets Jinja 跨站脚本漏洞

Pallets Jinja is a template engine written in the Python language. A security vulnerability exists in Pallets Jinja versions prior to 3.1.4, which stems from the fact that Jinja is susceptible to HTML attribute injection when passing user input as a key to the xmlattr filter...

Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate...

CVE-2024-32970 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

Moderate: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 9 : python-jinja2 (RHSA-2024:2348)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2348 advisory. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports...

RHEL 9 : fence-agents (RHSA-2024:2132)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

ALSA-2024:2348 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...