
Fedora 39: FEDORA-2024-702b7d51a3 Critical: XSS Flaw in django-templates

fedora
January 27, 2024
Fedora 38 rolls out an essential security update for python-jinja2, tackling severe vulnerabilities related to HTML attribute injection.
Security fix for CVE-2024-22195

Summary

Jinja2 is a template engine written in pure Python. It provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments.

Update Information:

Security fix for CVE-2024-22195

Change Log

* Thu Jan 11 2024 Michel Lind - 3.1.3-1
- Update to 3.1.3 to fix CVE-2024-22195

* Tue Aug 8 2023 Karolina Surma - 3.1.2-6
- Declare the license as an SPDX expression

* Fri Jul 21 2023 Fedora Release Engineering - 3.1.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

* Fri Jun 16 2023 Python Maint - 3.1.2-4
- Rebuilt for Python 3.12

* Tue Jun 13 2023 Python Maint - 3.1.2-3
- Bootstrap for Python 3.12

* Fri May 19 2023 Yaakov Selkowitz - 3.1.2-2
- Disable docs by default in RHEL builds

* Mon May 1 2023 Sandro Mani - 3.1.2-1
- Update to 3.1.2

References


[ 1 ] Bug #2257854 - CVE-2024-22195 jinja2: HTML attribute injection when passing user input as keys to xmlattr filter https://bugzilla.redhat.com/show_bug.cgi?id=2257854

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-604e4c3509' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
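
The following is an added example, not part of the advisory or of Jinja2's own code. It checks whether a Jinja2 version string (or the copy visible to the current interpreter) is at least the fixed 3.1.3 release, and validates dictionary keys before they are handed to the xmlattr filter. The function names and the attribute-name allow-list are assumptions made for illustration.

```python
import re
from importlib import metadata

FIXED = (3, 1, 3)  # release carrying the CVE-2024-22195 fix, per this advisory

# Assumption: a conservative allow-list for attribute names, not Jinja2's own rule.
_ATTR_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.:-]*")


def parse_version(text):
    """Return the leading numeric components of a version string as a tuple.

    Accepts upstream ("3.1.3") and RPM-style ("3.1.3-1.fc38") strings;
    pre-release suffixes are ignored.
    """
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_patched(version_text):
    """True when the given Jinja2 version is 3.1.3 or later."""
    v = parse_version(version_text)
    v = v + (0,) * (len(FIXED) - len(v))  # pad so "3.2" compares as (3, 2, 0)
    return v >= FIXED


def installed_jinja2_patched():
    """Check the Jinja2 visible to this interpreter; None if it is not installed."""
    try:
        return is_patched(metadata.version("jinja2"))
    except metadata.PackageNotFoundError:
        return None


def checked_attrs(attrs):
    """Return attrs unchanged if every key is a safe attribute name, else raise."""
    for key in attrs:
        if not isinstance(key, str) or not _ATTR_NAME.fullmatch(key):
            raise ValueError(f"unsafe attribute name: {key!r}")
    return attrs


if __name__ == "__main__":
    print("installed Jinja2 patched:", installed_jinja2_patched())
    print(checked_attrs({"class": "btn", "data-id": "7"}))  # constructed sample
```

Calling `checked_attrs()` on any user-influenced dictionary before rendering keeps untrusted keys out of xmlattr even on hosts that have not yet been upgraded.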

Severity
critical

Name: python-jinja2
Product: Fedora 38
Version: 3.1.3
Release: 1.fc38
Summary: General purpose template engine
