Mon, 22 Sep 2025 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Palletsprojects Palletsprojects jinja | |
| CPEs | cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:* | |
| Vendors & Products | Palletsprojects Palletsprojects jinja | |
| Metrics | cvssV3_1 | cvssV3_1 |
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss | epss |
Wed, 02 Apr 2025 02:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat satellite Redhat satellite Capsule | |
| CPEs | cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 | |
| Vendors & Products | Redhat satellite Redhat satellite Capsule | |
Fri, 28 Mar 2025 15:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat openshift Ai | |
| CPEs | cpe:/a:redhat:openshift_ai:2.16::el8 cpe:/a:redhat:rhdh:1.5::el9 | |
| Vendors & Products | Redhat openshift Ai | |
Wed, 26 Feb 2025 02:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat openstack | |
| CPEs | cpe:/a:redhat:openstack:17.1::el9 | |
| Vendors & Products | Redhat openstack | |
Tue, 18 Feb 2025 22:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 | cvssV3_1 |
Fri, 14 Feb 2025 02:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:/a:redhat:openshift_ironic:4.13::el9 cpe:/a:redhat:rhdh:1.4::el9 | |
Thu, 13 Feb 2025 00:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat Redhat ansible Automation Platform Redhat discovery Redhat enterprise Linux Redhat openshift Redhat openshift Ironic Redhat rhdh Redhat rhel E4s Redhat rhel Eus | |
| CPEs | cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform:ee::el8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift:4.17::el9 cpe:/a:redhat:openshift_ironic:4.12::el9 cpe:/a:redhat:openshift_ironic:4.14::el9 cpe:/a:redhat:openshift_ironic:4.15::el9 cpe:/a:redhat:openshift_ironic:4.16::el9 cpe:/a:redhat:openshift_ironic:4.17::el9 cpe:/a:redhat:rhdh:1.3::el9 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/o:redhat:discovery:1.0::el9 | |
| Vendors & Products | Redhat Redhat ansible Automation Platform Redhat discovery Redhat enterprise Linux Redhat openshift Redhat openshift Ironic Redhat rhdh Redhat rhel E4s Redhat rhel Eus | |
Wed, 08 Jan 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | 
Tue, 24 Dec 2024 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity | threat_severity |
Tue, 24 Dec 2024 02:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 | |
Mon, 23 Dec 2024 15:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | |
| Title | Jinja has a sandbox breakout through malicious filenames | |
| Weaknesses | CWE-150 | |
| References |  | |
| Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-23T15:37:36.110Z
Updated: 2025-02-18T21:47:42.763Z
Reserved: 2024-12-18T18:29:25.896Z
Link: CVE-2024-56201
Vulnrichment
Updated: 2024-12-24T01:45:29.331Z
NVD
Status: Analyzed
Published: 2024-12-23T16:15:07.410
Modified: 2025-09-22T17:45:28.710
Link: CVE-2024-56201
Redhat