8 matches found
Giskard 安全漏洞
Giskard is an open-source evaluation and testing framework for artificial intelligence systems. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the ConformityCheck class using the Jinja2 template engine to render rule parameters, which...
[SECURITY] Fedora 40 Update: python-jinja2-3.1.6-1.fc40
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...
Fedora: Security Advisory (FEDORA-2024-ce7649d28e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-25657
Summary: CVE-2023-25657 affects Nautobot before 1.5.7, where the Jinja2 template engine was not sandboxed, potentially enabling remote code execution. In Nautobot 1.5.7 and later, sandboxed environments are enabled for Jinja2 rendering for objects such as extras.ComputedField, extras.CustomLink, ...
SSTImap - Automatic SSTI Detection Tool With Interactive Interface
SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection...
Jinja2 Resource Management Error Vulnerability
Jinja2 is a Python based template engine. It has full Unicode support and provides an optional sandboxed template execution environment. A resource management error vulnerability exists in jinja2 from 0.0.0 and before 2.11.3, which stems from a ReDOS vulnerability in regex...
Cross-Site Scripting
EasyWidgets is vulnerable to cross-site scripting XSS. The Jinja2 template engine does not escape the TextArea contents, allowing attackers in inject and execute arbitrary code...