Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nbWo2LTZmOGYtNjY5Oc4ABCrO
Jinja has a sandbox breakout through malicious filenames
A bug in the Jinja compiler allows an attacker who controls both the content and the filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used.
To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.
Permalink: https://github.com/advisories/GHSA-gmj6-6f8f-6699
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbWo2LTZmOGYtNjY5Oc4ABCrO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 16 days ago
Updated: about 12 hours ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00045
EPSS Percentile: 0.17541
Identifiers: GHSA-gmj6-6f8f-6699, CVE-2024-56201
References:
- https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
- https://github.com/pallets/jinja/releases/tag/3.1.5
- https://nvd.nist.gov/vuln/detail/CVE-2024-56201
- https://github.com/pallets/jinja/issues/1792
- https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
- https://github.com/advisories/GHSA-gmj6-6f8f-6699
Blast Radius: 45.1
Affected Packages
pypi:jinja2
Dependent packages: 4,068
Dependent repositories: 133,056
Downloads: 201,229,462 last month
Affected Version Ranges: >= 3.0.0, <= 3.1.4
Fixed in: 3.1.5
All affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4
All unaffected versions: 2.1.1, 2.2.1, 2.3.1, 2.4.1, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.7.1, 2.7.2, 2.7.3, 2.8.1, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.10.1, 2.10.2, 2.10.3, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 3.1.5