Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2024/08/20 8:33 p.m.5 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/09 9:23 a.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/09 8:52 a.m.3 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/10 6:41 p.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/13 10:51 a.m.8 views

python-jinja2: str.format_map allows sandbox escape

A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability...

8.6CVSS7.3AI score0.03603EPSS
Exploits1References5
Rows per page
Query Builder