21 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview: datapizza-ai-core provides the core components for the datapizza-ai framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function, which uses Jinja2 templates. An attacker can execute...
CVE-2024-2952
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization...
OESA-2025-1530 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
OESA-2025-1529 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution
Summary: IBM Maximo Application Suite Ai-Broker Component / IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. This bulletin contains information regarding the vulnerability and i...
Jinja security vulnerability
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.6, which stems from an attribute filter bypassing the sandbox and leading to the execution of arbitrary code...
Security Bulletin: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager use jinja2-3.1.4-py3-none-any.whl, which is vulnerable to CVE-2024-56326 and CVE-2024-56201
Summary: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager use jinja2-3.1.4-py3-none-any.whl, which is vulnerable to CVE-2024-56326 and CVE-2024-56201. This bulletin contains information regarding the vulnerability and its fix. Vulnerability...
Astra Linux - vulnerability in jinja2
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker who controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability...
Jinja security vulnerability
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from the sandbox environment failing to properly detect calls to str.format, allowing an attacker who controls the content of a template to...
Medium: ansible-core
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...
AZL-40369 CVE-2024-34064 affecting package python-jinja2 for versions less than 3.1.2-2
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...
GHSA-46CM-PFWV-CGF8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization...
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization...
CVE-2024-2952
CVE-2024-2952 affects BerriAI/litellm. The vulnerability is an SSTI in the /completions endpoint: the hf_chat_template method processes the chat_template parameter from tokenizer_config.json using the Jinja template engine without proper sanitization, enabling attackers to craft malicious tokeniz...
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization...
DEBIAN-CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused t...
Jinja Cross-Site Scripting Vulnerability
Pallets Jinja is a template engine written in the Python language. A security vulnerability exists in Jinja versions prior to 3.1.3, which stems from a cross-site scripting (XSS) vulnerability...