Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2612)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Advisory ROSA-SA-2024-2506
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-5.rv3 CVE-ID: CVE-2020-28493 BDU-ID: 2022-05230 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python programming language interpreter html-template tool jinja2 is related to incorrect resource...
K000141130: Python vulnerability CVE-2024-34064
Security Advisory Description Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If a...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2348)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 2.10.0 : python-jinja2 (EulerOS-SA-2024-2127)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...
EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-2147)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2109)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP11 : python-jinja2 (EulerOS-SA-2024-2092)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...
EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2024-1944)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...
EulerOS 2.0 SP10 : python-jinja2 (EulerOS-SA-2024-1919)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...
Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)
The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...
CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...
Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate...
CVE-2024-22195
A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
[SECURITY] [DLA 3405-1] libxml2 security update
Debian LTS Advisory DLA-3405-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2023 https://wiki.debian.org/LTS -...
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-0e5d64ce65)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-2.fc35
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-2.fc34
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
UBUNTU-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...