CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score: 5.9 Medium
Confidence: High
EPSS: 0.0004 Low
Percentile: 10.4%
Jinja2 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of keys with non-attribute characters within the xmlattr filter. This can lead to XSS when an application accepts user input as keys and renders them on a webpage.
github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
lists.fedoraproject.org/archives/list/[email protected]/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/
lists.fedoraproject.org/archives/list/[email protected]/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/
lists.fedoraproject.org/archives/list/[email protected]/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/
lists.fedoraproject.org/archives/list/[email protected]/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/
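An application-side guard for the condition described above, as an added example (not Jinja's code and not taken from the linked commit): validate attribute keys against an allowlist before they reach any attribute-rendering filter. The helper names `invalid_attr_keys` and `render_attrs`, the allowlist pattern, and the sample keys are assumptions constructed for illustration.

```python
import re
from html import escape

# Assumption: a conservative allowlist, stricter than HTML itself requires.
# It excludes whitespace, '/', '>', '=', quotes and every other character
# that could end the attribute name or the enclosing tag.
_SAFE_KEY = re.compile(r"[A-Za-z_:][A-Za-z0-9_.:-]*")


def invalid_attr_keys(attrs):
    """Return the keys of attrs that must not be emitted as attribute names."""
    return [
        k for k in attrs
        if not isinstance(k, str) or not _SAFE_KEY.fullmatch(k)
    ]


def render_attrs(attrs):
    """Render attrs as ' key="value"' pairs.

    Values are HTML-escaped. Keys cannot be made safe by escaping, so any
    key outside the allowlist raises ValueError instead of being rendered.
    Pairs whose value is None are skipped.
    """
    bad = invalid_attr_keys(attrs)
    if bad:
        raise ValueError(f"unsafe attribute key(s): {bad!r}")
    return "".join(
        f' {key}="{escape(str(value), quote=True)}"'
        for key, value in attrs.items()
        if value is not None
    )


if __name__ == "__main__":
    # Constructed sample input: one well-formed dict, one with bad keys.
    print(render_attrs({"class": "btn", "data-id": 'a"b'}))
    untrusted = {"id": 1, "data id": 2, "a=b": 3, "x>y": 4, "a/b": 5}
    print(invalid_attr_keys(untrusted))
```

Rejecting the whole dictionary, rather than silently dropping bad keys, makes the event visible in logs when untrusted input reaches an attribute-name position.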