OESA-2025-1007

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1007
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1007.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-1007
Upstream
Published
2025-01-03T12:54:29Z
Modified
2025-09-03T06:20:39.988543Z
Summary
python-jinja2 security update
Details

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications where security is important.

Security Fix(es):

Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.(CVE-2024-56201)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / python-jinja2

Package

Name
python-jinja2
Purl
pkg:rpm/openEuler/python-jinja2&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.3-6.oe2203sp4

Ecosystem specific 

{
    "src": [
        "python-jinja2-3.0.3-6.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "python-jinja2-help-3.0.3-6.oe2203sp4.noarch.rpm",
        "python3-jinja2-3.0.3-6.oe2203sp4.noarch.rpm"
    ]
}