
Mageia 9: 2024-0199 Critical Advisory: Python-Jinja2 XSS Issue

Mageia | May 31, 2024
Updated python-jinja2 packages for Mageia fix significant security vulnerabilities in the handling of HTML attributes.

Summary

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.
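As an added example (not code from the advisory or from Jinja2), the following sketch shows an application-side guard for attribute dictionaries built from untrusted input before they reach a filter such as xmlattr. The rejected character set (ASCII whitespace, `/`, `>`, `=`) is an assumption taken from the public descriptions of the two CVEs listed on this page; `check_attr_keys` and `render_attrs` are hypothetical names.

```python
import re
from html import escape

# Characters that terminate or split an attribute name in HTML.
# Assumption: ASCII whitespace, "/", ">" and "=" are the characters to refuse,
# per the public descriptions of CVE-2024-22195 and CVE-2024-34064.
_BAD_KEY = re.compile(r"[\s/>=]", flags=re.ASCII)


def check_attr_keys(attrs):
    """Return the keys that must not be rendered as HTML attribute names."""
    return [
        key for key in attrs
        if not isinstance(key, str) or not key or _BAD_KEY.search(key)
    ]


def render_attrs(attrs):
    """Render a dict as HTML attributes, refusing unsafe keys outright.

    Escaping the value alone is not enough: the key is emitted verbatim as
    the attribute name, so a key that contains a separator would be parsed
    by the browser as additional attributes.
    """
    bad = check_attr_keys(attrs)
    if bad:
        raise ValueError(f"invalid attribute key(s): {bad!r}")
    parts = []
    for key, value in attrs.items():
        if value is None:  # unset values are skipped, not rendered as "None"
            continue
        parts.append(f'{escape(key)}="{escape(str(value), quote=True)}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample input: one well-formed dict, one with unsafe keys.
    print(render_attrs({"class": "btn", "title": 'a"b', "hidden": None}))
    untrusted = {"class": "a", "data id": "x", "a=b": "1", "p/q": "2", "r>s": "3"}
    print("rejected keys:", check_attr_keys(untrusted))
```

Rejecting the whole dictionary, rather than silently dropping the bad keys, keeps the failure visible in logs and tests.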

References

- https://bugs.mageia.org/show_bug.cgi?id=33253

- https://ubuntu.com/security/notices/USN-6599-1

- https://www.cve.org/CVERecord?id=CVE-2024-22195

- https://www.cve.org/CVERecord?id=CVE-2024-34064

Resolution

SRPMS

- 9/core/python-jinja2-3.1.4-1.mga9

Severity
critical

Publication date: 31 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0199.html
Type: security
CVE: CVE-2024-22195, CVE-2024-34064
