Sandbox Bypass

🗓️ 10 Mar 2025 08:19:24Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 6 Views

Jinja sandbox bypass allows arbitrary code execution through filter oversight.

Reporter	Title	Published	Views	Family All 298
IBM Security Bulletins	Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.	25 Jun 202509:43	–	ibm
IBM Security Bulletins	Security Bulletin: A denial-of-service attack, TE.CL request smuggling, a man-in-the-middle attack, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	16 Apr 202516:15	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion HCI and IBM Fusion HCI for watsonx	31 May 202514:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.1	11 Apr 202514:35	–	ibm
IBM Security Bulletins	Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs	6 May 202506:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to this CVE-2025-27516	1 Aug 202510:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)	1 Aug 202516:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Jinja , cryptography & OpenSSL can affect IBM Storage Protect Plus File Systems Agent Backup and Restore	21 Jun 202508:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Jinja (CVE-2025-27516)	20 Jun 202522:39	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	31 May 202514:06	–	ibm

Vulners

Node

py3-jinja2 py3-jinja2Match3.1.2-r1python

AND

py3-jinja2 py3-jinja2Match3.1.2-r2python

AND

py3-jinja2 py3-jinja2Match3.1.4-r0python

AND

py3-jinja2 py3-jinja2Match2.11.3-r0python

AND

py3-jinja2 py3-jinja2Match3.1.5-r0python

AND

py3-jinja2 py3-jinja2Match3.0.3-r0python

AND

py3-jinja2 py3-jinja2Match2.11.2-r0python

AND

py3-jinja2 py3-jinja2Match3.1.2-r0python

AND

py3-jinja2 py3-jinja2Match3.1.3-r1python

AND

py3-jinja2 py3-jinja2Match3.1.2-r3python

AND

py3-jinja2 py3-jinja2Match2.11.3-r1python

AND

py3-jinja2 py3-jinja2Match3.0.0-r0python

AND

py3-jinja2 py3-jinja2Match2.11.1-r0python

AND

py3-jinja2 py3-jinja2Match3.0.3-r1python

AND

py3-jinja2 py3-jinja2Match3.0.1-r0python

AND

py3-jinja2 py3-jinja2Match3.0.1-r1python

AND

py3-jinja2 py3-jinja2Match3.1.3-r0python

AND

alpinelinux alpine_linuxMatchedge

py3-jinja2 py3-jinja2Match3.1.5-r0python

AND

py3-jinja2 py3-jinja2Match3.1.4-r0python

AND

py3-jinja2 py3-jinja2Match3.1.3-r1python

AND

alpinelinux alpine_linuxMatch3.20

py3-jinja2 py3-jinja2Match3.1.4-r0python

AND

py3-jinja2 py3-jinja2Match3.1.2-r3python

AND

py3-jinja2 py3-jinja2Match3.1.5-r0python

AND

alpinelinux alpine_linuxMatch3.19

py3-jinja2 py3-jinja2Match3.1.5-r0python

AND

py3-jinja2 py3-jinja2Match3.1.4-r0python

AND

py3-jinja2 py3-jinja2Match3.1.2-r2python

AND

alpinelinux alpine_linuxMatch3.18

py3-jinja2 py3-jinja2Match3.1.5-r0python

AND

py3-jinja2 py3-jinja2Match3.1.4-r0python

AND

alpinelinux alpine_linuxMatch3.21

pocoo jinja2Range2.0rc1–3.1.5python

pocoo jinja2Match2.0python

pocoo jinja2Match2.0rc1python

pocoo jinja2Match2.1python

pocoo jinja2Match2.1.1python

pocoo jinja2Match2.10python

pocoo jinja2Match2.10.1python

pocoo jinja2Match2.10.2python

pocoo jinja2Match2.10.3python

pocoo jinja2Match2.11.0python

pocoo jinja2Match2.11.1python

pocoo jinja2Match2.11.2python

pocoo jinja2Match2.11.3python

pocoo jinja2Match2.2python

pocoo jinja2Match2.2.1python

pocoo jinja2Match2.3python

pocoo jinja2Match2.3.1python

pocoo jinja2Match2.4python

pocoo jinja2Match2.4.1python

pocoo jinja2Match2.5python

pocoo jinja2Match2.5.1python

pocoo jinja2Match2.5.2python

pocoo jinja2Match2.5.3python

pocoo jinja2Match2.5.4python

pocoo jinja2Match2.5.5python

pocoo jinja2Match2.6python

pocoo jinja2Match2.7python

pocoo jinja2Match2.7.1python

pocoo jinja2Match2.7.2python

pocoo jinja2Match2.7.3python

pocoo jinja2Match2.8python

pocoo jinja2Match2.8.1python

pocoo jinja2Match2.9python

pocoo jinja2Match2.9.1python

pocoo jinja2Match2.9.2python

pocoo jinja2Match2.9.3python

pocoo jinja2Match2.9.4python

pocoo jinja2Match2.9.5python

pocoo jinja2Match2.9.6python

pocoo jinja2Match3.0.0python

pocoo jinja2Match3.0.0a1python

pocoo jinja2Match3.0.0rc1python

pocoo jinja2Match3.0.0rc2python

pocoo jinja2Match3.0.1python

pocoo jinja2Match3.0.2python

pocoo jinja2Match3.0.3python

pocoo jinja2Match3.1.0python

pocoo jinja2Match3.1.1python

pocoo jinja2Match3.1.2python

pocoo jinja2Match3.1.3python

pocoo jinja2Match3.1.4python

Source	Link
github	www.github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27516
lists	www.lists.debian.org/debian-lts-announce/2025/04/msg00022.html
github	www.github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
lists	www.lists.debian.org/debian-lts-announce/2025/04/msg00045.html
github	www.github.com/pallets/jinja

13 Dec 2025 07:31Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.8

CVSS 45.4

EPSS0.00121

SSVC

jinja vulnerability sandbox bypass code execution attribute lookup