Description
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler lets an attacker who controls both the content and the filename of a template execute arbitrary Python code, whether or not Jinja's sandbox is in use. Both conditions are required: controlling only the template contents, or only its filename, is not enough. Whether an attacker can satisfy both depends on the application using Jinja; the affected deployments are those that execute untrusted templates and also let the template author choose the template filename. The vulnerability is fixed in 3.1.5.
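The two checks a practitioner wants from this description are a version gate (is the installed Jinja older than 3.1.5?) and a guarantee that no attacker-chosen name or filename reaches the compiler. The following is an added example, not code from Jinja or from the advisory; the helper names, the allow-list regex and the ID-based naming policy are this example's own choices, and only render_untrusted assumes that jinja2 is installed (it uses the real SandboxedEnvironment and Environment.from_string, which compiles the source with no template name).

```python
import re
from importlib import metadata

# Jinja release that carries the fix for this advisory (GHSA-gmj6-6f8f-6699).
FIXED_VERSION = (3, 1, 5)

# Hypothetical allow-list for user-supplied template names: one path component
# of word characters, dots and dashes; no separators, whitespace or control
# characters. Deliberately far stricter than what Jinja itself accepts.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def parse_version(version):
    """Turn '3.1.4' into a comparable tuple of its leading integer components.
    Pre-release suffixes such as '.dev1' are ignored."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def jinja_is_unpatched(version):
    """True when this Jinja version predates the 3.1.5 fix."""
    return parse_version(version) < FIXED_VERSION


def installed_jinja_version():
    """Version string of the installed jinja2 distribution, or None if absent."""
    try:
        return metadata.version("jinja2")
    except metadata.PackageNotFoundError:
        return None


def is_safe_template_name(user_name):
    """Allow-list check for a user-supplied template name."""
    return SAFE_NAME.fullmatch(user_name) is not None


def safe_template_name(user_name):
    """Reject, rather than sanitise, any template name that fails the allow-list.
    A name is only a label; the caller can substitute a server-generated id."""
    if not is_safe_template_name(user_name):
        raise ValueError(f"unacceptable template name: {user_name!r}")
    return user_name


def render_untrusted(source, variables):
    """Render an untrusted template body in Jinja's sandbox without letting any
    attacker-chosen name or filename reach the compiler: from_string() compiles
    the source with name=None. The caller applies the version gate first."""
    # Imported lazily so the helpers above work without jinja2 installed.
    from jinja2.sandbox import SandboxedEnvironment

    env = SandboxedEnvironment(autoescape=True)
    return env.from_string(source).render(**variables)


if __name__ == "__main__":
    ver = installed_jinja_version()
    if ver is None:
        print("jinja2 is not installed")
    elif jinja_is_unpatched(ver):
        print(f"jinja2 {ver} predates 3.1.5: refuse to render untrusted templates")
    else:
        print(render_untrusted("Hello {{ who }}!", {"who": "world"}))
```

The sandbox is kept because it still limits what a template can reach, but as the advisory states it does not block this bug on its own; the version gate and the rule that user input never becomes a template name are the actual mitigations. Where an application must map user templates into a loader (DictLoader, FunctionLoader or similar), key them by a server-generated identifier and keep the user's display name as ordinary data.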
References (4)
Issue Tracking (x_refsource_misc): https://github.com/pallets/jinja/issues/1792
Vendor Advisory (x_refsource_confirm): https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
Patch (x_refsource_misc): https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f
Release Notes (x_refsource_misc): https://github.com/pallets/jinja/releases/tag/3.1.5
Scores
CVSS v3
8.8
EPSS
0.0046
EPSS Percentile
64.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-150
Status
published
Products (2)
palletsprojects/jinja
3.0.0 up to (not including) 3.1.5
pypi/jinja2
3.0.0 up to (not including) 3.1.5 (PyPI)
Published
Dec 23, 2024
Tracked Since
Feb 18, 2026