15 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 8 : python-jinja2-2.10.1-6.el8_10 (AXSA:2025-9599:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9599:02 advisory. jinja2: Jinja has a sandbox breakout through indirect reference to format method (CVE-2024-56326). Tenable has extracted the preceding description block directl...

CVSS 7.8 | AI score 7 | EPSS 0.0057 | Exploits 0 | References 2

Tenable Nessus
added 2025/03/27 12:0 a.m. | 10 views

Amazon Linux 2 : python3-jinja2 (ALAS-2025-2793)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2793 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...

CVSS 8.8 | AI score 7.9 | EPSS 0.00121 | Exploits 0 | References 4

Amazon
added 2025/03/06 12:0 a.m. | 2 views

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

CVSS 8.8 | AI score 7.5 | EPSS 0.00121 | Exploits 0

Amazon
added 2025/01/24 12:0 a.m. | 2 views

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8 | AI score 7.4 | EPSS 0.0057 | Exploits 0

Tenable Nessus
added 2024/07/03 12:0 a.m. | 22 views

Oracle Linux 8 : python-jinja2 (ELSA-2024-4231)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4231 advisory. 2.10.1-5 - Security fix for CVE-2024-34064 Resolves: RHEL-35651 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 5.4 | AI score 6.4 | EPSS 0.0123 | Exploits 0 | References 2

Amazon
added 2024/06/24 12:0 a.m. | 17 views

Important: python3-jinja2

Issue Overview: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape (CVE-2019-10906). Affected Packages: python3-jinja2. Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS 8.6 | AI score 7.1 | EPSS 0.02334 | Exploits 1

Tenable Nessus
added 2024/06/24 12:0 a.m. | 21 views

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

CVSS 6.1 | AI score 7.2 | EPSS 0.0123 | Exploits 0 | References 4

Tenable Nessus
added 2024/06/24 12:0 a.m. | 32 views

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2582)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2582 advisory. In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape (CVE-2019-10906). Tenable has extracted the preceding...

CVSS 8.6 | AI score 7.2 | EPSS 0.02334 | Exploits 1 | References 4

Tenable Nessus
added 2024/06/24 12:0 a.m. | 20 views

Amazon Linux 2023 : python3-jinja2 (ALAS2023-2024-645)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-645 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each...

CVSS 6.1 | AI score 7.1 | EPSS 0.0123 | Exploits 0 | References 4

Tenable Nessus
added 2024/02/06 12:0 a.m. | 22 views

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2437)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2437 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. ...

CVSS 6.1 | AI score 7.6 | EPSS 0.00151 | Exploits 0 | References 4

Tenable Nessus
added 2024/02/06 12:0 a.m. | 31 views

Amazon Linux 2023 : python3-jinja2 (ALAS2023-2024-503)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-503 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML...

CVSS 6.1 | AI score 7.5 | EPSS 0.00151 | Exploits 0 | References 4

Amazon
added 2024/02/05 12:0 a.m. | 54 views

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter...

CVSS 6.1 | AI score 6.8 | EPSS 0.00151 | Exploits 0

OpenVAS
added 2024/01/24 12:0 a.m. | 29 views

Debian: Security Advisory (DLA-3715-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.1 | AI score 6.6 | EPSS 0.00151 | Exploits 0 | References 2

OpenVAS
added 2022/10/27 12:0 a.m. | 15 views

Ubuntu: Security Advisory (USN-5701-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.3 | AI score 5.9 | EPSS 0.00207 | Exploits 1 | References 2

OpenVAS
added 2022/01/28 12:0 a.m. | 21 views

Mageia: Security Advisory (MGASA-2019-0177)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.6 | AI score 8.3 | EPSS 0.02334 | Exploits 1 | References 5