14 matches found
RHCOS 4 / 9 : OpenShift Container Platform 4.16.33 (RHSA-2025:0830)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0830 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile...
RHCOS 9 : OpenShift Container Platform 4.15.45 (RHSA-2025:1130)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1130 advisory. - jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56201 - jinja2: Jinja has a sandbox breakout through...
Amazon Linux 2 : mock, --advisory ALAS2MOCK-2025-001 (ALASMOCK-2025-001)
The version of mock installed on the remote host is prior to 1.4.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the...
CVE-2023-25657
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
FreeBSD : Jinja2 -- Sandbox breakout through attr filter selecting format method (3299cbfd-fa6e-11ef-929d-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3299cbfd-fa6e-11ef-929d-b0416f0c4c67 advisory. [email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA-2025:0711 Important: python-jinja2 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
GHSA-462W-V97R-4M45 Jinja2 sandbox escape via string formatting
In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape. The sandbox is used to restrict what code can be evaluated when rendering untrusted, user-provided templates. Due to the way string formatting works in Python, the str.formatmap method could be used to escape the sandbox. This...
Python's new string format vulnerability analysis-vulnerability warning-the black bar safety net
This article on Python introduced a formatted string of the new syntax of the security vulnerabilities in-depth analysis, and provide appropriate security solutions. When we are on untrusted user input using str. the format of the time, will bring security risks-for this problem, in fact I have...