Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6599-1
HistoryJan 25, 2024 - 12:00 a.m.

Jinja2 vulnerabilities

2024-01-2500:00:00
ubuntu.com
22
ubuntu
jinja2
denial of service
xss
cve-2020-28493
cve-2024-22195

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Releases

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • jinja2 - small but fast and easy to use stand-alone template engine

Details

Yeting Li discovered that Jinja incorrectly handled certain regex.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2020-28493)

It was discovered that Jinja incorrectly handled certain HTML passed with
xmlatter filter. An attacker could inject arbitrary HTML attributes
keys and values potentially leading to XSS. (CVE-2024-22195)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchpython3-jinja2< 3.1.2-1ubuntu0.23.10.1UNKNOWN
Ubuntu23.10noarchpython-jinja2-doc< 3.1.2-1ubuntu0.23.10.1UNKNOWN
Ubuntu22.04noarchpython3-jinja2< 3.0.3-1ubuntu0.1UNKNOWN
Ubuntu22.04noarchpython-jinja2-doc< 3.0.3-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchpython-jinja2< 2.10.1-2ubuntu0.2UNKNOWN
Ubuntu20.04noarchpython-jinja2-doc< 2.10.1-2ubuntu0.2UNKNOWN
Ubuntu20.04noarchpython3-jinja2< 2.10.1-2ubuntu0.2UNKNOWN
Ubuntu18.04noarchpython-jinja2< 2.10-1ubuntu0.18.04.1+esm1UNKNOWN
Ubuntu18.04noarchpython-jinja2< 2.10-1ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchpython-jinja2-doc< 2.10-1ubuntu0.18.04.1UNKNOWN
Rows per page:
1-10 of 221

Related

osv 14
openvas 28
nessus 52
ibm 14
debian 1
fedora 4
redhat 17
github 2
prion 2
debiancve 2
amazon 2
wolfi 1
veracode 2
ubuntucve 2
cve 2
redhatcve 2
cgr 1
cbl_mariner 2
alpinelinux 1
gitlab 1
rocky 3
ubuntu 1
gentoo 1
archlinux 2
almalinux 3
mageia 1
oraclelinux 2
oracle 2
osv
osv
jinja2 vulnerabilities
2024-01-25 16:06:46
CVE-2024-22195
2024-01-11 03:15:11
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
2024-01-11 15:20:48
openvas
openvas
Ubuntu: Security Advisory (USN-6599-1)
2024-01-26 00:00:00
Fedora: Security Advisory for mingw-python-jinja2 (FEDORA-2024-ab372beea4)
2024-01-23 00:00:00
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1535)
2024-04-22 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Jinja2 vulnerabilities (USN-6599-1)
2024-01-25 00:00:00
Amazon Linux 2023 : python3-jinja2 (ALAS2023-2024-503)
2024-02-06 00:00:00
Fedora 39 : python-jinja2 (2024-6026572e7d)
2024-01-24 00:00:00
ibm
ibm
Security Bulletin: Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl is vulnerable to CVE-2024-22195 used in IBM Maximo Application Suite - Edge Data Collector
2024-04-10 10:49:58
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-22195
2024-03-29 10:43:29
Security Bulletin: IBM Maximo Application Suite and IBM Truststore Manager uses Jinja2-3.1.2-py3-none-any.whl and Jinja2-3.0.3-py3-none-any.whl which is vulnerable to CVE-2024-22195
2024-04-01 09:41:47
debian
debian
[SECURITY] [DLA 3715-1] jinja2 security update
2024-01-23 17:31:34
fedora
fedora
[SECURITY] Fedora 39 Update: python-jinja2-3.1.3-1.fc39
2024-01-25 00:41:41
[SECURITY] Fedora 38 Update: python-jinja2-3.1.3-1.fc38
2024-01-27 02:12:44
[SECURITY] Fedora 39 Update: mingw-python-jinja2-3.1.3-1.fc39
2024-01-23 00:58:55
redhat
redhat
(RHSA-2024:2348) Moderate: python-jinja2 security update
2024-04-30 06:15:27
(RHSA-2021:4161) Moderate: python-jinja2 security update
2021-11-09 08:26:43
(RHSA-2024:2132) Moderate: fence-agents security and bug fix update
2024-04-30 06:14:50
github
github
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
2024-01-11 15:20:48
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
prion
prion
Cross site scripting
2024-01-11 03:15:00
Design/Logic Flaw
2021-02-01 20:15:00
debiancve
debiancve
CVE-2024-22195
2024-01-11 03:15:11
CVE-2020-28493
2021-02-01 20:15:00
amazon
amazon
Medium: python-jinja2
2024-02-01 19:57:00
Medium: python3-jinja2
2024-02-01 19:57:00
wolfi
wolfi
CVE-2024-22195 vulnerabilities
2024-05-04 21:07:06
veracode
veracode
Cross Site Scripting (XSS)
2024-01-12 10:04:04
Regular Expression Denial Of Service (ReDoS)
2021-02-02 01:28:40
ubuntucve
ubuntucve
CVE-2024-22195
2024-01-11 00:00:00
CVE-2020-28493
2021-02-01 00:00:00
cve
cve
CVE-2024-22195
2024-01-11 03:15:11
CVE-2020-28493
2021-02-01 20:15:00
redhatcve
redhatcve
CVE-2024-22195
2024-01-11 11:04:16
CVE-2020-28493
2021-02-15 12:33:42
cgr
cgr
CVE-2024-22195 vulnerabilities
2024-05-04 21:06:41
cbl_mariner
cbl_mariner
CVE-2024-22195 affecting package python-jinja2 for versions less than 3.0.3-3
2024-02-25 03:00:06
CVE-2020-28493 affecting package python-jinja2 2.10.1-1
2022-08-12 16:45:07
alpinelinux
alpinelinux
CVE-2020-28493
2021-02-01 20:15:00
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
rocky
rocky
python-jinja2 security update
2021-11-09 08:26:43
python27:2.7 security update
2021-11-09 08:24:39
python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
ubuntu
ubuntu
Jinja2 vulnerability
2022-10-26 00:00:00
gentoo
gentoo
Jinja: Denial of service
2021-07-08 00:00:00
archlinux
archlinux
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00
[ASA-202102-20] python2-jinja: denial of service
2021-02-07 00:00:00
almalinux
almalinux
Moderate: python-jinja2 security update
2021-11-09 08:26:43
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
mageia
mageia
Updated python-jinja2 packages fix a security vulnerability
2021-04-12 22:59:59
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
python38:3.8 and python38-devel:3.8 security update
2021-11-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON
Related for USN-6599-1
osv14openvas28nessus52ibm14debian1fedora4redhat17github2prion2debiancve2amazon2wolfi1veracode2ubuntucve2cve2redhatcve2cgr1cbl_mariner2alpinelinux1gitlab1rocky3ubuntu1gentoo1archlinux2almalinux3mageia1oraclelinux2oracle2