MGASA-2024-0199 - Updated python-jinja2 packages fix security vulnerabilities

Publication date: 31 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0199.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-22195,
     CVE-2024-34064

It was discovered that Jinja2 incorrectly handled certain HTML
attributes that were accepted by the xmlattr filter. An attacker could
use this issue to inject arbitrary HTML attribute keys and values to
potentially execute a cross-site scripting (XSS) attack.

References:
- https://bugs.mageia.org/show_bug.cgi?id=33253
- https://ubuntu.com/security/notices/USN-6599-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064

SRPMS:
- 9/core/python-jinja2-3.1.4-1.mga9

Mageia 2024-0199: python-jinja2 Security Advisory Updates

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter

Summary

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.

References

- https://bugs.mageia.org/show_bug.cgi?id=33253

- https://ubuntu.com/security/notices/USN-6599-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064

Resolution

MGASA-2024-0199 - Updated python-jinja2 packages fix security vulnerabilities

SRPMS

- 9/core/python-jinja2-3.1.4-1.mga9

Severity
Publication date: 31 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0199.html
Type: security
CVE: CVE-2024-22195, CVE-2024-34064

Related News