CVE-2024-56326 - Vulnerability Details

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Ansible Automation Platform Discovery Enterprise Linux Openshift Openshift Ironic Openstack Rhdh Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Satellite Satellite Capsule

No data.

Package	CPE	Advisory	Released Date
Ansible Automation Platform Execution Environments
ansible-automation-platform/ee-minimal-rhel8:2.15.13-6	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:0753	2025-01-28T00:00:00Z
ansible-automation-platform/ee-minimal-rhel9:2.18.1-4	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:0753	2025-01-28T00:00:00Z
ansible-automation-platform/ee-minimal-rhel8:2.13.10-39	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:1101	2025-02-05T00:00:00Z
ansible-automation-platform/ee-minimal-rhel9:2.16.14-7	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:1101	2025-02-05T00:00:00Z
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
Ironic content for Red Hat OpenShift Container Platform 4.12
python-jinja2-0:3.0.1-6.el9.2	cpe:/a:redhat:openshift_ironic:4.12::el9	RHSA-2025:0834	2025-02-06T00:00:00Z
Ironic content for Red Hat OpenShift Container Platform 4.13
python-jinja2-0:3.0.1-6.el9.2	cpe:/a:redhat:openshift_ironic:4.13::el9	RHSA-2025:1118	2025-02-13T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8
automation-controller-0:4.5.17-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:0721	2025-01-27T00:00:00Z
python3x-jinja2-0:3.1.5-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:0721	2025-01-27T00:00:00Z
ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-33	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:0722	2025-01-27T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
automation-controller-0:4.5.17-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2025:0721	2025-01-27T00:00:00Z
python-jinja2-0:3.1.5-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2025:0721	2025-01-27T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 8
ansible-automation-platform-25/lightspeed-rhel8:2.5.250107-1	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:0341	2025-01-15T00:00:00Z
automation-controller-0:4.6.7-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:0777	2025-01-28T00:00:00Z
python3.11-jinja2-0:3.1.5-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:0777	2025-01-28T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 9
automation-controller-0:4.6.7-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2025:0777	2025-01-28T00:00:00Z
python3.11-jinja2-0:3.1.5-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2025:0777	2025-01-28T00:00:00Z
Red Hat Developer Hub 1.3 on RHEL 9
rhdh-hub-container-1.3-138	cpe:/a:redhat:rhdh:1.3::el9	RHBA-2025:0610	2025-01-22T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
python-jinja2-0:2.7.2-5.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:1250	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8
python-jinja2-0:2.10.1-6.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:0711	2025-01-27T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
python-jinja2-0:2.10.1-2.el8_2.3	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:2612	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
python-jinja2-0:2.10.1-2.el8_4.1	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1109	2025-02-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
python-jinja2-0:2.10.1-2.el8_4.1	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1109	2025-02-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
python-jinja2-0:2.10.1-2.el8_4.1	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1109	2025-02-06T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
python-jinja2-0:2.10.1-4.el8_6.1	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:0950	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
python-jinja2-0:2.10.1-4.el8_6.1	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:0950	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
python-jinja2-0:2.10.1-4.el8_6.1	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:0950	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
python-jinja2-0:2.10.1-4.el8_8.1	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:0883	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 9
fence-agents-0:4.10.0-76.el9_5.4	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0308	2025-01-14T00:00:00Z
python-jinja2-0:2.11.3-7.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0667	2025-01-23T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
fence-agents-0:4.10.0-20.el9_0.20	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:0345	2025-01-15T00:00:00Z
python-jinja2-0:2.11.3-4.el9_0.1	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:0951	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
fence-agents-0:4.10.0-43.el9_2.11	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:0335	2025-01-15T00:00:00Z
python-jinja2-0:2.11.3-4.el9_2.1	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:0978	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
fence-agents-0:4.10.0-62.el9_4.10	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:0338	2025-01-15T00:00:00Z
python-jinja2-0:2.11.3-6.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:0850	2025-01-30T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-ansible-operator:v4.12.0-202502040858.p0.g0bd975e.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:1241	2025-02-13T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-ansible-operator:v4.13.0-202503111300.p0.g01bfabb.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2025:2700	2025-03-20T00:00:00Z
Red Hat OpenShift Container Platform 4.14
python-jinja2-0:3.0.1-6.el9.2	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2025:0842	2025-02-06T00:00:00Z
Red Hat OpenShift Container Platform 4.15
openshift4/ose-ansible-operator:v4.15.0-202502171304.p0.g52fc4b9.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2025:1710	2025-02-27T00:00:00Z
python-jinja2-0:3.0.1-6.el9.2	cpe:/a:redhat:openshift_ironic:4.15::el9	RHSA-2025:1130	2025-02-12T00:00:00Z
Red Hat OpenShift Container Platform 4.16
openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1123	2025-02-12T00:00:00Z
python-jinja2-0:3.0.1-6.el9.2	cpe:/a:redhat:openshift_ironic:4.16::el9	RHSA-2025:0830	2025-02-10T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/ose-ansible-rhel9-operator:v4.17.0-202501300634.p0.g9cb5839.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:0875	2025-02-05T00:00:00Z
python-jinja2-0:3.1.5-1.el9	cpe:/a:redhat:openshift_ironic:4.17::el9	RHSA-2025:0656	2025-01-28T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
openstack-ansible-core-0:2.14.2-4.6.el9ost	cpe:/a:redhat:openstack:17.1::el9	RHSA-2025:1861	2025-02-25T00:00:00Z
Red Hat Satellite 6.16 for RHEL 8
python-jinja2-0:3.1.5-1.el8pc	cpe:/a:redhat:satellite:6.16::el8	RHSA-2025:2399	2025-03-05T00:00:00Z
python-jinja2-0:3.1.5-1.el8pc	cpe:/a:redhat:satellite_capsule:6.16::el8	RHSA-2025:2399	2025-03-05T00:00:00Z
Red Hat Satellite 6.16 for RHEL 9
python-jinja2-0:3.1.5-1.el9pc	cpe:/a:redhat:satellite:6.16::el9	RHSA-2025:2399	2025-03-05T00:00:00Z
python-jinja2-0:3.1.5-1.el9pc	cpe:/a:redhat:satellite_capsule:6.16::el9	RHSA-2025:2399	2025-03-05T00:00:00Z
Red Hat Developer Hub (RHDH) 1.4
registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:d8268197ba0466643efb818fcad8f0fc29e32463f75b0f7f51d9ce75ec717572	cpe:/a:redhat:rhdh:1.4::el9	RHBA-2025:0409	2025-01-20T00:00:00Z
Red Hat Developer Hub (RHDH) 1.5
registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665	cpe:/a:redhat:rhdh:1.5::el9	RHSA-2025:3374	2025-03-27T00:00:00Z

References

Link	Providers
https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4
https://github.com/pallets/jinja/releases/tag/3.1.5
https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
https://nvd.nist.gov/vuln/detail/CVE-2024-56326
https://www.cve.org/CVERecord?id=CVE-2024-56326

History

Fri, 28 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhdh:1.5::el9

Fri, 21 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhdh:1.3::el9

Thu, 20 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el8

Wed, 12 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2

Thu, 06 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Redhat satellite Capsule
CPEs		cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9
Vendors & Products		Redhat satellite Redhat satellite Capsule

Thu, 27 Feb 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8

Wed, 26 Feb 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openstack
CPEs		cpe:/a:redhat:openstack:17.1::el9
Vendors & Products		Redhat openstack

Fri, 14 Feb 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhdh
CPEs		cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift_ironic:4.13::el9 cpe:/a:redhat:rhdh:1.4::el9
Vendors & Products		Redhat rhdh

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat ansible Automation Platform Redhat discovery Redhat enterprise Linux Redhat openshift Redhat openshift Ironic Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform:ee::el8 cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift:4.17::el9 cpe:/a:redhat:openshift_ironic:4.12::el9 cpe:/a:redhat:openshift_ironic:4.14::el9 cpe:/a:redhat:openshift_ironic:4.15::el9 cpe:/a:redhat:openshift_ironic:4.16::el9 cpe:/a:redhat:openshift_ironic:4.17::el9 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:discovery:1.0::el9 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat Redhat ansible Automation Platform Redhat discovery Redhat enterprise Linux Redhat openshift Redhat openshift Ironic Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
Metrics	threat_severity `Important`	threat_severity `Moderate`

Fri, 27 Dec 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Dec 2024 13:45:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-56326 https://www.cve.org/CVERecord?id=CVE-2024-56326
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 24 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Dec 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description		Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
Title		Jinja has a sandbox breakout through indirect reference to format method
Weaknesses		CWE-1336 CWE-693
References		https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 https://github.com/pallets/jinja/releases/tag/3.1.5 https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
Metrics		cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-23T15:43:49.400Z

Updated: 2024-12-27T17:54:33.724Z

Reserved: 2024-12-19T18:34:22.764Z

Link: CVE-2024-56326

Vulnrichment

Updated: 2024-12-24T01:43:04.937Z

NVD

Status : Awaiting Analysis

Published: 2024-12-23T16:15:07.590

Modified: 2024-12-27T18:15:38.947

Link: CVE-2024-56326

Redhat

Severity : Moderate

Publid Date: 2024-12-23T15:43:49Z

Links: CVE-2024-56326 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56326", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-12-19T18:34:22.764Z", "datePublished": "2024-12-23T15:43:49.400Z", "dateUpdated": "2024-12-27T17:54:33.724Z"}, "containers": {"cna": {"title": "Jinja has a sandbox breakout through indirect reference to format method", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-693", "lang": "en", "description": "CWE-693: Protection Mechanism Failure", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h"}, {"name": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", "tags": ["x_refsource_MISC"], "url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4"}, {"name": "https://github.com/pallets/jinja/releases/tag/3.1.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/pallets/jinja/releases/tag/3.1.5"}], "affected": [{"vendor": "pallets", "product": "jinja", "versions": [{"version": "< 3.1.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-23T15:43:49.400Z"}, "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5."}], "source": {"advisory": "GHSA-q2x7-8rv6-6q7h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-27T17:50:50.460995Z", "id": "CVE-2024-56326", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-27T17:54:33.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-56326", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-27T17:50:50.460995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-24T01:43:04.937Z"}}], "cna": {"title": "Jinja has a sandbox breakout through indirect reference to format method", "source": {"advisory": "GHSA-q2x7-8rv6-6q7h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pallets", "product": "jinja", "versions": [{"status": "affected", "version": "< 3.1.5"}]}], "references": [{"url": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", "name": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", "name": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pallets/jinja/releases/tag/3.1.5", "name": "https://github.com/pallets/jinja/releases/tag/3.1.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-23T15:43:49.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56326", "state": "PUBLISHED", "dateUpdated": "2024-12-27T17:54:33.724Z", "dateReserved": "2024-12-19T18:34:22.764Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-23T15:43:49.400Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5."}, {"lang": "es", "value": "Jinja es un motor de plantillas extensible. Antes de la versi\u00f3n 3.1.5, una supervisi\u00f3n de c\u00f3mo el entorno aislado de Jinja detecta llamadas a str.format permit\u00eda a un atacante que controlaba el contenido de una plantilla ejecutar c\u00f3digo Python arbitrario. Para aprovechar la vulnerabilidad, un atacante necesita controlar el contenido de una plantilla. Que ese sea el caso depende del tipo de aplicaci\u00f3n que utilice Jinja. Esta vulnerabilidad afecta a los usuarios de aplicaciones que ejecutan plantillas que no son de confianza. El sandbox de Jinja capta llamadas a str.format y garantiza que no escapen de la sandbox. Sin embargo, es posible almacenar una referencia al m\u00e9todo de formato de una cadena maliciosa y luego pasarla a un filtro que lo llame. Estos filtros no est\u00e1n integrados en Jinja, pero podr\u00edan estar presentes a trav\u00e9s de filtros personalizados en una aplicaci\u00f3n. Despu\u00e9s de la soluci\u00f3n, estas llamadas indirectas tambi\u00e9n son gestionadas por la sandbox. Esta vulnerabilidad se solucion\u00f3 en 3.1.5."}], "id": "CVE-2024-56326", "lastModified": "2024-12-27T18:15:38.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-23T16:15:07.590", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4"}, {"source": "security-advisories@github.com", "url": "https://github.com/pallets/jinja/releases/tag/3.1.5"}, {"source": "security-advisories@github.com", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}, {"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0753", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel8:2.15.13-6", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0753", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel9:2.18.1-4", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:1101", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel8:2.13.10-39", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1101", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel9:2.16.14-7", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:0834", "cpe": "cpe:/a:redhat:openshift_ironic:4.12::el9", "package": "python-jinja2-0:3.0.1-6.el9.2", "product_name": "Ironic content for Red Hat OpenShift Container Platform 4.12", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1118", "cpe": "cpe:/a:redhat:openshift_ironic:4.13::el9", "package": "python-jinja2-0:3.0.1-6.el9.2", "product_name": "Ironic content for Red Hat OpenShift Container Platform 4.13", "release_date": "2025-02-13T00:00:00Z"}, {"advisory": "RHSA-2025:0721", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.5.17-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0721", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-jinja2-0:3.1.5-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0722", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-33", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0721", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.5.17-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0721", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-jinja2-0:3.1.5-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0341", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-rhel8:2.5.250107-1", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "automation-controller-0:4.6.7-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "python3.11-jinja2-0:3.1.5-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "automation-controller-0:4.6.7-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "python3.11-jinja2-0:3.1.5-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHBA-2025:0610", "cpe": "cpe:/a:redhat:rhdh:1.3::el9", "package": "rhdh-hub-container-1.3-138", "product_name": "Red Hat Developer Hub 1.3 on RHEL 9", "release_date": "2025-01-22T00:00:00Z"}, {"advisory": "RHSA-2025:1250", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "python-jinja2-0:2.7.2-5.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:0711", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python-jinja2-0:2.10.1-6.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:2612", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "python-jinja2-0:2.10.1-2.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:1109", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1109", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1109", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:0950", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0950", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0950", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0883", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "python-jinja2-0:2.10.1-4.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0308", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "fence-agents-0:4.10.0-76.el9_5.4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-14T00:00:00Z"}, {"advisory": "RHSA-2025:0667", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python-jinja2-0:2.11.3-7.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-23T00:00:00Z"}, {"advisory": "RHSA-2025:0345", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "fence-agents-0:4.10.0-20.el9_0.20", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0951", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "python-jinja2-0:2.11.3-4.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0335", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "fence-agents-0:4.10.0-43.el9_2.11", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0978", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "python-jinja2-0:2.11.3-4.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-04T00:00:00Z"}, {"advisory": "RHSA-2025:0338", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "fence-agents-0:4.10.0-62.el9_4.10", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0850", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "python-jinja2-0:2.11.3-6.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-30T00:00:00Z"}, {"advisory": "RHSA-2025:1241", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ansible-operator:v4.12.0-202502040858.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-02-13T00:00:00Z"}, {"advisory": "RHSA-2025:2700", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ansible-operator:v4.13.0-202503111300.p0.g01bfabb.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:0842", "cpe": "cpe:/a:redhat:openshift_ironic:4.14::el9", "package": "python-jinja2-0:3.0.1-6.el9.2", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1710", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ansible-operator:v4.15.0-202502171304.p0.g52fc4b9.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:1130", "cpe": "cpe:/a:redhat:openshift_ironic:4.15::el9", "package": "python-jinja2-0:3.0.1-6.el9.2", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1123", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:0830", "cpe": "cpe:/a:redhat:openshift_ironic:4.16::el9", "package": "python-jinja2-0:3.0.1-6.el9.2", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:0875", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-ansible-rhel9-operator:v4.17.0-202501300634.p0.g9cb5839.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:0656", "cpe": "cpe:/a:redhat:openshift_ironic:4.17::el9", "package": "python-jinja2-0:3.1.5-1.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:1861", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "openstack-ansible-core-0:2.14.2-4.6.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:2399", "cpe": "cpe:/a:redhat:satellite:6.16::el8", "package": "python-jinja2-0:3.1.5-1.el8pc", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:2399", "cpe": "cpe:/a:redhat:satellite_capsule:6.16::el8", "package": "python-jinja2-0:3.1.5-1.el8pc", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:2399", "cpe": "cpe:/a:redhat:satellite:6.16::el9", "package": "python-jinja2-0:3.1.5-1.el9pc", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:2399", "cpe": "cpe:/a:redhat:satellite_capsule:6.16::el9", "package": "python-jinja2-0:3.1.5-1.el9pc", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHBA-2025:0409", "cpe": "cpe:/a:redhat:rhdh:1.4::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:d8268197ba0466643efb818fcad8f0fc29e32463f75b0f7f51d9ce75ec717572", "product_name": "Red Hat Developer Hub (RHDH) 1.4", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:3374", "cpe": "cpe:/a:redhat:rhdh:1.5::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665", "product_name": "Red Hat Developer Hub (RHDH) 1.5", "release_date": "2025-03-27T00:00:00Z"}], "bugzilla": {"description": "jinja2: Jinja has a sandbox breakout through indirect reference to format method", "id": "2333856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333856"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "(CWE-1336|CWE-693)", "details": ["Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.", "A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, storing a reference to a malicious string's format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox."], "name": "CVE-2024-56326", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/de-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-rhel9-operator", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "python-jinja2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rhel9/keylime-registrar", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-ibm-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "rhoai/odh-ml-pipelines-api-server-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "rhoai/odh-ml-pipelines-driver-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "rhoai/odh-ml-pipelines-launcher-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-model-registry-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ovn-kubernetes-microshift-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "python-jinja2", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-capsule:el8/python-jinja2", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite:el8/python-jinja2", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Not affected", "package_name": "python-jinja2", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2024-12-23T15:43:49Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56326\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56326\nhttps://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4\nhttps://github.com/pallets/jinja/releases/tag/3.1.5\nhttps://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h"], "statement": "This vulnerability is rated as Moderate due to an oversight in Jinja's sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object