MGASA-2024-0199 - Updated python-jinja2 packages fix security vulnerabilities

Publication date: 31 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0199.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-22195,
     CVE-2024-34064

It was discovered that Jinja2 incorrectly handled certain HTML
attributes that were accepted by the xmlattr filter. An attacker could
use this issue to inject arbitrary HTML attribute keys and values to
potentially execute a cross-site scripting (XSS) attack.

References:
- https://bugs.mageia.org/show_bug.cgi?id=33253
- https://ubuntu.com/security/notices/USN-6599-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064

SRPMS:
- 9/core/python-jinja2-3.1.4-1.mga9

Mageia 2024-0199: python-jinja2 Security Advisory Updates

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter

Summary

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.

References

- https://bugs.mageia.org/show_bug.cgi?id=33253

- https://ubuntu.com/security/notices/USN-6599-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064

Resolution

MGASA-2024-0199 - Updated python-jinja2 packages fix security vulnerabilities

SRPMS

- 9/core/python-jinja2-3.1.4-1.mga9

Severity
Publication date: 31 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0199.html
Type: security
CVE: CVE-2024-22195, CVE-2024-34064

Related News

32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved