Advisories » MGASA-2024-0199

Updated python-jinja2 packages fix security vulnerabilities

Publication date: 31 May 2024
Modification date: 31 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22195 , CVE-2024-34064

Description

It was discovered that Jinja2 incorrectly handled certain HTML
attributes that were accepted by the xmlattr filter. An attacker could
use this issue to inject arbitrary HTML attribute keys and values to
potentially execute a cross-site scripting (XSS) attack.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33253
• https://ubuntu.com/security/notices/USN-6599-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064

SRPMS

9/core

• python-jinja2-3.1.4-1.mga9