4 matches found
EUVD-2024-3585
Malicious code in bioql PyPI...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...
jinja2: Jinja has a sandbox breakout through malicious filenames
A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...
Jinja has a sandbox breakout through malicious filenames
A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether...