
91 matches found

RedHat Linux
added 2024/06/11 7:57 p.m. | 6 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 | AI score 6.7 | EPSS 0.00979
Exploits 0 | References 5
RedHat Linux
added 2024/06/11 5:35 p.m. | 6 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 | AI score 6.7 | EPSS 0.00979
Exploits 0 | References 5
RedHat Linux
added 2024/06/11 1:13 p.m. | 5 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 | AI score 6.7 | EPSS 0.00979
Exploits 0 | References 5
RedHat Linux
added 2024/06/10 6:41 p.m. | 3 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 | AI score 6.7 | EPSS 0.00979
Exploits 0 | References 5
Tenable Nessus
added 2024/05/28 12:0 a.m. | 32 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Jinja2 vulnerability (USN-6787-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6787-1 advisory. It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted b...

CVSS 5.4 | AI score 6.5 | EPSS 0.00979
Exploits 0 | References 2
RedHat Linux
added 2024/05/22 8:37 p.m. | 2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 | AI score 6.6 | EPSS 0.00892
Exploits 0 | References 6
RedHat Linux
added 2024/05/22 10:20 a.m. | 3 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 | AI score 6.6 | EPSS 0.00892
Exploits 0 | References 6
RedHat Linux
added 2024/05/22 9:48 a.m. | 2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 | AI score 6.6 | EPSS 0.00892
Exploits 0 | References 6
OSV
added 2024/05/17 11:8 a.m. | 3 views

OESA-2024-1605 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

CVSS 5.4 | AI score 7.2 | EPSS 0.00979
Exploits 0 | References 2
Tenable Nessus
added 2024/05/16 12:0 a.m. | 29 views

Fedora 39 : mingw-python-jinja2 (2024-e609c057ad)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e609c057ad advisory. Update to jinja2-3.1.4, fixes CVE-2024-34064. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 5.4 | AI score 6.4 | EPSS 0.00979
Exploits 0 | References 2
Microsoft CVE
added 2024/05/13 7:0 a.m. | 2 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

...

CVSS 5.4 | AI score 6.6 | EPSS 0.00979
Exploits 0
Tenable Nessus
added 2024/05/11 12:0 a.m. | 19 views

RHEL 7 : jinja2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 - Jinja...

AI score 7.5 | EPSS 0.00979
Exploits 0 | References 2
RedhatCVE
added 2024/05/07 6:54 a.m. | 51 views

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.3 | EPSS 0.00979
Exploits 0 | References 4
SUSE CVE
added 2024/05/07 2:39 a.m. | 4 views

SUSE CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 6.1 | AI score 8.2 | EPSS 0.00979
Exploits 0 | References 9
OSV
added 2024/05/06 3:15 p.m. | 4 views

AZL-40369 CVE-2024-34064 affecting package python-jinja2 for versions less than 3.1.2-2

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.6 | EPSS 0.00979
Exploits 0 | References 1
OSV
added 2024/05/06 3:15 p.m. | 3 views

ALPINE-CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 7 | EPSS 0.00979
Exploits 0 | References 1
OSV
added 2024/05/06 3:15 p.m. | 5 views

AZL-40420 CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.6 | EPSS 0.00979
Exploits 0 | References 1
OSV
added 2024/05/06 3:15 p.m. | 2 views

DEBIAN-CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.4 | EPSS 0.00979
Exploits 0 | References 1
NVD
added 2024/05/06 3:15 p.m. | 39 views

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.2 | EPSS 0.00979
Exploits 0 | References 7
OSV
added 2024/05/06 3:15 p.m. | 8 views

AZL-75801 CVE-2024-34064 affecting package nodejs24 for versions less than 24.13.0-1

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4 | AI score 6.6 | EPSS 0.00979
Exploits 0 | References 1