Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jinja2 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-34625
Mealie1.0.0beta3 exists to contain a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
9.1
CVSSv3
CVE-2021-43837
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions prior to 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the res...
Vault-cli Project Vault-cli
6.1
CVSSv3
CVE-2021-39286
Webrecorder pywb prior to 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
Webrecorder Pywb
5.3
CVSSv3
CVE-2020-28493
This affects the package jinja2 from 0.0.0 and prior to 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mi...
Palletsprojects Jinja
Fedoraproject Fedora 33
1 Github repository
9.8
CVSSv3
CVE-2014-4966
Ansible prior to 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote malicious users to execute arbitrary code via (1) crafted lookup('pipe') ca...
Redhat Ansible
1 Github repository
8.6
CVSSv3
CVE-2016-10745
In Pallets Jinja prior to 2.8.1, str.format allows a sandbox escape.
Palletsprojects Jinja
1 Github repository
8.6
CVSSv3
CVE-2019-10906
In Pallets Jinja prior to 2.10.1, str.format_map allows a sandbox escape.
Palletsprojects Jinja
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Software Collections 1.0
Opensuse Leap 42.3
Opensuse Leap 15.0
2 Github repositories
6.1
CVSSv3
CVE-2019-9947
An issue exists in urllib2 in Python 2.x up to and including 2.7.16 and urllib in Python 3.x up to and including 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
6.1
CVSSv3
CVE-2019-9740
An issue exists in urllib2 in Python 2.x up to and including 2.7.16 and urllib in Python 3.x up to and including 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
1 Github repository
9.8
CVSSv3
CVE-2019-8341
An issue exists in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE...
Pocoo Jinja2 2.10
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »