It was discovered that Jinja2 incorrectly handled certain HTML
attributes that were accepted by the xmlattr filter. An attacker could
use this issue to inject arbitrary HTML attribute keys and values to
potentially execute a cross-site scripting (XSS) attack.
- https://bugs.mageia.org/show_bug.cgi?id=33253
- https://ubuntu.com/security/notices/USN-6599-1
- https://www.cve.org/CVERecord?id=CVE-2024-22195
- https://www.cve.org/CVERecord?id=CVE-2024-34064
- 9/core/python-jinja2-3.1.4-1.mga9
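
For applications that pass user-influenced dictionaries to the xmlattr filter, the following added example (not code from Jinja2 or from this advisory) checks the installed version against the fixed release and validates attribute keys before rendering. The rejected character set (ASCII whitespace, `/`, `>`, `=`) is an assumption about what the upstream fixes refuse, and all function names are hypothetical.

```python
import re
from html import escape

# Assumption: characters that end an attribute name or the tag itself.
_BAD_KEY_CHARS = re.compile(r"[\s/>=]", flags=re.ASCII)

FIXED_VERSION = (3, 1, 4)  # version of the updated package in this advisory


def is_fixed(version: str) -> bool:
    """True if a Jinja2 version string is at or above the fixed release."""
    parts = []
    for piece in version.split(".")[:3]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts) >= FIXED_VERSION


def check_attr_keys(attrs: dict) -> None:
    """Raise ValueError if a key could break out of the attribute name."""
    for key in attrs:
        if _BAD_KEY_CHARS.search(str(key)):
            raise ValueError(f"invalid attribute name: {key!r}")


def render_attrs(attrs: dict) -> str:
    """Validate keys, escape values, and render key="value" pairs.

    None values are skipped.
    """
    check_attr_keys(attrs)
    return " ".join(
        f'{escape(str(k))}="{escape(str(v), quote=True)}"'
        for k, v in attrs.items()
        if v is not None
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    print(is_fixed("3.1.3"), is_fixed("3.1.4"))
    print(render_attrs({"class": "btn primary", "id": "save"}))
    for bad in ("a b", "a/b", "a>b", "a=b"):
        try:
            render_attrs({bad: "x"})
        except ValueError as exc:
            print("rejected:", exc)
```

Calling `check_attr_keys` before handing a dictionary to a template gives the same rejection on older Jinja2 versions until the updated package is installed.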