Lucene search
K

4 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3585

Malicious code in bioql PyPI...

8.8CVSS7.1AI score0.00301EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.24 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...

8.8CVSS7.5AI score0.005EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/01/15 9:41 p.m.4 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8CVSS7.5AI score0.00301EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/12/23 5:54 p.m.23 views

Jinja has a sandbox breakout through malicious filenames

A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether...

8.8CVSS7.7AI score0.00301EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder