OESA-2024-1128

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1128

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1128.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1128

Upstream

CVE-2024-22195

Published

2024-02-02T11:06:54Z

Modified

2025-08-12T05:25:07.050180Z

Summary

python-jinja2 security update

Details

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications where security is important.

Security Fix(es):

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. (CVE-2024-22195)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.2-6.oe1

Ecosystem specific

{
    "noarch": [
        "python-jinja2-help-2.11.2-6.oe1.noarch.rpm",
        "python2-jinja2-2.11.2-6.oe1.noarch.rpm",
        "python3-jinja2-2.11.2-6.oe1.noarch.rpm"
    ],
    "src": [
        "python-jinja2-2.11.2-6.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.2-6.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "python-jinja2-help-2.11.2-6.oe2003sp4.noarch.rpm",
        "python2-jinja2-2.11.2-6.oe2003sp4.noarch.rpm",
        "python3-jinja2-2.11.2-6.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "python-jinja2-2.11.2-6.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-3.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "python3-jinja2-3.0.3-3.oe2203.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203.noarch.rpm",
        "python3-jinja2-3.0.3-3.oe2203sp1.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp1.noarch.rpm",
        "python3-jinja2-3.0.3-3.oe2203sp2.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp2.noarch.rpm",
        "python3-jinja2-3.0.3-3.oe2203sp3.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "python-jinja2-3.0.3-3.oe2203.src.rpm",
        "python-jinja2-3.0.3-3.oe2203sp1.src.rpm",
        "python-jinja2-3.0.3-3.oe2203sp2.src.rpm",
        "python-jinja2-3.0.3-3.oe2203sp3.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-3.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "python3-jinja2-3.0.3-3.oe2203sp1.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "python-jinja2-3.0.3-3.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-3.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "python3-jinja2-3.0.3-3.oe2203sp2.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "python-jinja2-3.0.3-3.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/openEuler/python-jinja2&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-3.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "python3-jinja2-3.0.3-3.oe2203sp3.noarch.rpm",
        "python-jinja2-help-3.0.3-3.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "python-jinja2-3.0.3-3.oe2203sp3.src.rpm"
    ]
}