CVE-2024-56201

Name
CVE-2024-56201
Description
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
MISC https://github.com/pallets/jinja/issues/1792
MISC https://github.com/pallets/jinja/releases/tag/3.1.5
CONFIRM https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699

Match rules

CPE URI Source package Min version Max version
jinja >= 0 < 3.1.5
cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:* jinja >= 3.0.0 < 3.1.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-jinja2 edge-main 3.1.5-r0 Matt Smith <mcs@darkregion.net> fixed
py3-jinja2 3.22-main 3.1.5-r0 None fixed
py3-jinja2 3.21-main 3.1.5-r0 Matt Smith <mcs@darkregion.net> fixed
py3-jinja2 3.20-main 3.1.5-r0 Matt Smith <mcs@darkregion.net> fixed
py3-jinja2 3.19-main 3.1.5-r0 Matt Smith <mcs@darkregion.net> fixed
py3-jinja2 3.18-main 3.1.5-r0 Matt Smith <mcs@darkregion.net> fixed