Pocoo Jinja2 vulnerabilities
11 known vulnerabilities affecting pocoo/jinja2.
Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 8
Vulnerabilities
CVE-2025-27516 | MEDIUM | CVSS 5.4 | ≥ 0, < 3.1.6 | 2025-03-05
CVE-2025-27516 [MEDIUM] CWE-1336 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.
To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on
ghsa, osv
CVE-2024-56201 | MEDIUM | CVSS 5.4 | ≥ 3.0.0, < 3.1.5 | 2024-12-23
CVE-2024-56201 [MEDIUM] CWE-150 Jinja has a sandbox breakout through malicious filenames
A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used.
To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application us
ghsa, osv
CVE-2024-56326 | MEDIUM | CVSS 5.4 | ≥ 0, < 3.1.5 | 2024-12-23
CVE-2024-56326 [MEDIUM] CWE-693 Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.
To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application
ghsa, osv
CVE-2024-34064 | MEDIUM | CVSS 6.1 | ≥ 0, < 3.1.4 | 2024-05-06
CVE-2024-34064 [MEDIUM] CWE-79 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to on
ghsa, osv
CVE-2024-22195 | MEDIUM | CVSS 6.1 | ≥ 0, < 3.1.3 | 2024-01-11
CVE-2024-22195 [MEDIUM] CWE-79 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these i
ghsa, osv
CVE-2020-28493 | MEDIUM | CVSS 5.3 | ≥ 0.0.0, < unspecified; ≥ unspecified, < 2.11.3 | 2021-02-01
CVE-2020-28493 [MEDIUM] Regular Expression Denial of Service (ReDoS)
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeout
cvelistv5, ghsa, osv
CVE-2019-10906 | HIGH | CVSS 8.6 | ≥ 0, < 2.10.1 | 2019-04-10
CVE-2019-10906 [HIGH] CWE-693 Jinja2 sandbox escape via string formatting
In Pallets Jinja before 2.10.1, `str.format_map` allows a sandbox escape.
The sandbox is used to restrict what code can be evaluated when rendering untrusted, user-provided templates. Due to the way string formatting works in Python, the `str.format_map` method could be used to escape the sandbox.
This issue was previously addressed for the `str.format` method in Jinja 2.8.1,
ghsa, osv
CVE-2016-10745 | HIGH | CVSS 8.6 | ≥ 0, < 2.8.1 | 2019-04-10
CVE-2016-10745 [HIGH] CWE-134 Jinja2 sandbox escape vulnerability
In Pallets Jinja before 2.8.1, `str.format` allows a sandbox escape.
ghsa, osv
CVE-2019-8341 | CRITICAL | CVSS 9.8 | PoC | v2.10 | 2019-02-15
CVE-2019-8341 [CRITICAL] CWE-94
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerabilit
nvd
CVE-2014-0012 | MEDIUM | CVSS 4.4 | v2.7.2 | 2014-05-19
CVE-2014-0012 [MEDIUM] CWE-264
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
ghsa, nvd, osv
CVE-2014-1402 | MEDIUM | CVSS 4.4 | ≤ 2.7.1, v2.0, +16 more | 2014-05-19
CVE-2014-1402 [MEDIUM] CWE-264
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
ghsa, nvd, osv