497 matches found
Amazon Linux 2 : python-jinja2 (ALAS-2024-2574)
The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2574 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...
Medium: python-jinja2
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...
RLSA-2024:3102 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...
python-jinja2 security update
An update is available for python-jinja2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-jinja2 package contains Jinja2, a template engine written in...
Rocky Linux 8 : python-jinja2 (RLSA-2024:3102)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3102 advisory. jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 Tenable has extracted the preceding description block directly...
CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4
CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4. A patched version of the package is available...
SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter bsc1223980 Tenable has extracted the...
Mageia: Security Advisory (MGASA-2024-0199)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : python-jinja2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Note that Nessus has not tested for this...
RHEL 6 : python-jinja2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jinja2: Sandbox escape due to information disclosure via str.format CVE-2016-10745 Note that Nessus has not...
[SECURITY] Fedora 39 Update: python-jinja2-3.1.4-1.fc39
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
Fedora 39 : python-jinja2 (2024-ce7649d28e)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ce7649d28e advisory. Update to 3.1.4 rhbz2279211,rhbz2279491 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
MGASA-2024-0199 Updated python-jinja2 packages fix security vulnerabilities
It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...
SUSE-SU-2024:1864-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-34064, bsc1223980, CVE-2024-22195, bsc1218722...
SUSE-SU-2024:1863-2 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-34064, bsc1223980, CVE-2024-22195, bsc1218722...
SUSE-SU-2024:1863-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-34064, bsc1223980, CVE-2024-22195, bsc1218722...
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1772)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible t...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1772)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1749)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-e609c057ad)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...