
Fedora 39 python-jinja2 2024-6026572e7d moderate: HTML injection

January 25, 2024
This python-jinja2 update for Fedora 39 resolves CVE-2024-22195, an HTML attribute injection issue in the xmlattr filter.
Security fix for CVE-2024-22195

Summary

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments.

Update Information:

Security fix for CVE-2024-22195

Change Log

* Thu Jan 11 2024 Michel Lind - 3.1.3-1
- Update to 3.1.3 to fix CVE-2024-22195

* Tue Aug 8 2023 Karolina Surma - 3.1.2-6
- Declare the license as an SPDX expression

References


[1] Bug #2257854 - CVE-2024-22195 jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
https://bugzilla.redhat.com/show_bug.cgi?id=2257854

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6026572e7d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: python-jinja2
Product: Fedora 39
Version: 3.1.3
Release: 1.fc39
Summary: General purpose template engine
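
After installing the update, the following check confirms that a Python environment has Jinja2 3.1.3 or later and flags attribute dictionaries whose keys should not reach the xmlattr filter. It is an added example, not code from Fedora or the Jinja2 project. The function names and the sample dictionary are constructed for illustration, and the whitespace rule is an assumption based on the upstream 3.1.3 release notes, which this advisory does not quote.

```python
"""Post-update check for CVE-2024-22195 (added example, not project code)."""
import re
from importlib import metadata

FIXED_VERSION = (3, 1, 3)  # version shipped by this advisory
_WHITESPACE = re.compile(r"\s", flags=re.ASCII)


def parse_version(text):
    """Turn '3.1.2' or '3.1.3.post1' into a tuple of its leading numeric parts."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_fixed(version_text):
    """True when the given Jinja2 version is 3.1.3 or later."""
    return parse_version(version_text) >= FIXED_VERSION


def installed_jinja2_version():
    """Version of Jinja2 in the current environment, or None if it is absent."""
    try:
        return metadata.version("Jinja2")
    except metadata.PackageNotFoundError:
        return None


def risky_xmlattr_keys(attrs):
    """Keys containing whitespace; these must not be passed to xmlattr."""
    return [k for k in attrs if _WHITESPACE.search(str(k))]


def filter_attrs(attrs, allowed):
    """Allowlist approach: keep only attribute names the template author expects."""
    return {k: v for k, v in attrs.items() if k in allowed}


if __name__ == "__main__":
    version = installed_jinja2_version()
    state = "fixed" if version and is_fixed(version) else "NOT fixed or missing"
    print("Jinja2:", version, state)
    # Constructed sample: an attribute dict assembled from request data.
    sample = {"class": "btn", "data id": "7", "title": "ok"}
    print("risky keys:", risky_xmlattr_keys(sample))
    print("allowlisted:", filter_attrs(sample, {"class", "title"}))
```

Run it with the interpreter that serves the application, since a virtualenv or pip-installed copy of Jinja2 is not touched by the dnf update.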
