Rockylinux Product Errata: RLSA-2024:4231
Published: Jul 15, 2024 - 12:17 p.m.

python-jinja2 security update

2024-07-15 12:17:49
Rockylinux Product Errata
errata.rockylinux.org

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score: 6.8
Confidence: Low

An update is available for python-jinja2.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

Security Fix(es):

  • jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OS     Version  Architecture  Package         Version             Filename
rocky  8        noarch        python3-jinja2  < 2.10.1-5.el8_10   python3-jinja2-0:2.10.1-5.el8_10.noarch.rpm
