[ALSA-2024:2348] Moderate: python-jinja2 security update
Release date:
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
noarch python3-jinja2-2.11.3-5.el9.noarch.rpm 26ea89d6c53af8b9395a9165cc42afafb92cb1bb71b81bffbed08898e33a2487
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.