8 matches found

IBM Security Bulletins
added 2026/04/08 8:39 a.m. | 2 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in Jinja via xmlattr Filter Attribute Injection affects watsonx.data

Summary: A vulnerability in Jinja allows attackers to inject arbitrary HTML attributes through the xmlattr filter, potentially bypassing escaping and validation mechanisms. This can lead to Cross-Site Scripting (XSS) in affected applications. This can affect watsonx.data. Vulnerability Details...

CVSS 8.8 | AI score 7.2 | EPSS 0.0123
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 3: python-jinja2 (TSSA-2024:0306)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0306 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.1 | AI score 7.2 | EPSS 0.0123
Exploits: 0 | References: 2

Amazon
added 2024/07/01 12:0 a.m. | 3 views

Medium: ansible-core

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.9 | EPSS 0.0123
Exploits: 0

Amazon
added 2024/06/24 12:0 a.m. | 2 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 7 | EPSS 0.0123
Exploits: 0

OSV
added 2024/05/06 3:15 p.m. | 3 views

AZL-40439 CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.6 | EPSS 0.0123
Exploits: 0 | References: 1

OSV
added 2024/05/06 3:15 p.m. | 1 views

AZL-75801 CVE-2024-34064 affecting package nodejs24 for versions less than 24.13.0-1

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.6 | EPSS 0.0123
Exploits: 0 | References: 1

OSV
added 2024/05/06 3:15 p.m. | 0 views

UBUNTU-CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.9 | EPSS 0.0123
Exploits: 0 | References: 5

Amazon
added 2024/02/06 12:0 a.m. | 2 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter...

CVSS 6.1 | AI score 6.5 | EPSS 0.00151
Exploits: 0