Fedora 41 python-jinja2 Security Advisory FEDORA-2025-cd7f5876b2 critical
fedora
March 11, 2025
Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.
Summary
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.
If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It's
both designer and developer friendly by sticking to Python's
principles and adding functionality useful for templating
environments.
Update Information:
Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.
Topics Covered
Change Log
* Sun Mar 9 2025 Thomas Moschny
References
[ 1 ] Bug #2350190 - CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method
https://bugzilla.redhat.com/show_bug.cgi?id=2350190
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-cd7f5876b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: python-jinja2
Product: Fedora 41
Version: 3.1.6
Release: 1.fc41
Summary: General purpose template engine
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!