{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22195", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.371Z", "datePublished": "2024-01-11T02:25:44.239Z", "dateUpdated": "2024-08-01T22:35:34.831Z"}, "containers": {"cna": {"title": "Jinja vulnerable to Cross-Site Scripting (XSS)", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"}, {"name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/"}], "affected": [{"vendor": "pallets", "product": "jinja", "versions": [{"version": "< 3.1.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T02:25:44.239Z"}, "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\n"}], "source": {"advisory": "GHSA-h5c8-rqwp-cp95", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.831Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"}, {"name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DAFDD87-5F1B-4485-9393-7FCA343D18DD", "versionEndExcluding": "3.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\n"}, {"lang": "es", "value": "Jinja es un motor de plantillas extensible. Los marcadores de posici\u00f3n especiales en la plantilla permiten escribir c\u00f3digo similar a la sintaxis de Python. Es posible inyectar atributos HTML arbitrarios en la plantilla HTML renderizada, lo que podr\u00eda generar cross site scripting (XSS). Se puede abusar del filtro Jinja `xmlattr` para inyectar claves y valores de atributos HTML arbitrarios, evitando el mecanismo de escape autom\u00e1tico y potencialmente conduciendo a XSS. Tambi\u00e9n es posible omitir las comprobaciones de validaci\u00f3n de atributos si est\u00e1n basadas en listas negras."}], "id": "CVE-2024-22195", "lastModified": "2024-01-27T03:15:08.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-11T03:15:11.200", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"}, {"source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1057", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-jinja2-0:3.1.3-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-02-29T00:00:00Z"}, {"advisory": "RHSA-2024:1640", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.5.5-2.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:1057", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-jinja2-0:3.1.3-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-02-29T00:00:00Z"}, {"advisory": "RHSA-2024:1640", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.5.5-2.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/ceph-nvmeof-cli-rhel9:1.2.13-4", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/ceph-nvmeof-rhel9:1.2.13-4", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/grafana-rhel9:10.4.0-9", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/keepalived-rhel9:2.2.8-20", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/rhceph-7-rhel9:7-385", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/rhceph-haproxy-rhel9:2.4.22-21", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/rhceph-promtail-rhel9:v2.4.0-28", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:3927", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9", "package": "rhceph/snmp-notifier-rhel9:1.2.1-67", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-13T00:00:00Z"}, {"advisory": "RHSA-2024:2968", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "fence-agents-0:4.2.1-129.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2987", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python27:2.7-8100020240208011952.5f0f67de", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3102", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python-jinja2-0:2.10.1-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2132", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "fence-agents-0:4.10.0-62.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2348", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python-jinja2-0:2.11.3-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:1155", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "fence-agents-0:4.10.0-20.el9_0.11", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:2733", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "openstack-ansible-core-0:2.14.2-4.3.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:1536", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "python-jinja2-0:3.1.3-0.1.el8pc", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1536", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "python-jinja2-0:3.1.3-0.1.el8pc", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:2010", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "python-jinja2-0:3.1.3-1.el8pc", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:2010", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "python-jinja2-0:3.1.3-1.el8pc", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:1878", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-jinja2-0:3.1.3-1.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2024-04-18T00:00:00Z"}], "bugzilla": {"description": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter", "id": "2257854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.", "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-22195", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Out of support scope", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-lint", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3-jinja2", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3x-ansible-compat", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3x-django-lifecycle", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python-ansible-compat", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python-django-lifecycle", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "cephadm-ansible", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "cephadm-ansible", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Will not fix", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-jinja2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python-jinja2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rust-srpm-macros", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rust-srpm-macros", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4-aws-iso", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-jinja2", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Not affected", "package_name": "python-httpcore", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-capsule:el8/python-jinja2", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite:el8/python-jinja2", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "tfm-pulpcore-python-jinja2", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-python-jinja2", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "gdeploy", "product_name": "Red Hat Storage 3"}], "public_date": "2024-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-22195\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22195\nhttps://github.com/pallets/jinja/releases/tag/3.1.3\nhttps://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"], "statement": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.", "threat_severity": "Moderate", "upstream_fix": "jinja2 3.1.3"}