fkie_cve-2024-56201
Vulnerability from fkie_nvd
Published
2024-12-23 16:15
Modified
2025-02-18 22:15
Severity ?
5.4 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
References
security-advisories@github.comhttps://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
security-advisories@github.comhttps://github.com/pallets/jinja/issues/1792
security-advisories@github.comhttps://github.com/pallets/jinja/releases/tag/3.1.5
security-advisories@github.comhttps://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.",
      },
      {
         lang: "es",
         value: "Jinja es un motor de plantillas extensible. Antes de 3.1.5, un error en el compilador de Jinja permitía a un atacante que controlaba tanto el contenido como el nombre de archivo de una plantilla ejecutar código Python arbitrario, independientemente de si se utilizaba el entorno limitado de Jinja. Para aprovechar la vulnerabilidad, un atacante necesita controlar tanto el nombre del archivo como el contenido de una plantilla. Que ese sea el caso depende del tipo de aplicación que utilice Jinja. Esta vulnerabilidad afecta a los usuarios de aplicaciones que ejecutan plantillas que no son de confianza donde el autor de la plantilla también puede elegir el nombre del archivo de la plantilla. Esta vulnerabilidad se solucionó en 3.1.5.",
      },
   ],
   id: "CVE-2024-56201",
   lastModified: "2025-02-18T22:15:12.910",
   metrics: {
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "PRESENT",
               attackVector: "LOCAL",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "LOW",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "PASSIVE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "security-advisories@github.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-12-23T16:15:07.410",
   references: [
      {
         source: "security-advisories@github.com",
         url: "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",
      },
      {
         source: "security-advisories@github.com",
         url: "https://github.com/pallets/jinja/issues/1792",
      },
      {
         source: "security-advisories@github.com",
         url: "https://github.com/pallets/jinja/releases/tag/3.1.5",
      },
      {
         source: "security-advisories@github.com",
         url: "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",
      },
   ],
   sourceIdentifier: "security-advisories@github.com",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-150",
            },
         ],
         source: "security-advisories@github.com",
         type: "Secondary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.