11 matches found
CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
EulerOS 2.0 SP13 : python-jinja2 (EulerOS-SA-2025-1341)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that...
CVE-2025-27516
CVE-2025-27516 : Jinja2 before 3.1.6 exposes a sandbox bypass via the |attr filter, allowing arbitrary Python code execution if an attacker controls template content. Affected: jinja2 versions prior to 3.1.6. Impact: execution of code in untrusted templates. Remediation: upgrade to 3.1.6 or newer...
EulerOS 2.0 SP11 : python-jinja2 (EulerOS-SA-2025-1164)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format...
CVE-2024-56201
A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...
CVE-2024-56326
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
UBUNTU-CVE-2024-56326
Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2024-56201 Jinja has a sandbox breakout through malicious filenames
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability...
WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
GHSA-297X-8XJ4-VCXV Improper Control of Generation of Code in doT
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...