Bug 2333856 (CVE-2024-56326)
Summary: | CVE-2024-56326 jinja2: Jinja has a sandbox breakout through indirect reference to format method | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | | |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2333948, 2338984, 2338985, 2338986, 2338987 | | |
Bug Blocks: | | | |

Doc Text:
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template; whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch direct calls to str.format and ensures they don't escape the sandbox. However, it is possible to store a reference to a malicious string's format method and then pass that reference to a filter that calls it. No such filters are built into Jinja, but they could be present as custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
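The following is an added, stdlib-only model of the mechanism the Doc Text describes; it is not Jinja's code. It shows a sandbox that recognises a bound str.format method only at the call site, why a stored reference handed to a custom filter that calls its argument slips past that check, and how checking at attribute access instead keeps the stored reference sandboxed. RestrictedFormatter, sandboxed_call, wrap_on_access, apply_filter and the sample data are all constructed for this illustration.

```python
from string import Formatter
from types import SimpleNamespace

class RestrictedFormatter(Formatter):
    # Follows "{0.attr}" field paths but refuses private names (constructed model,
    # not Jinja's own sandboxed formatter).
    def get_field(self, field_name, args, kwargs):
        for part in field_name.replace("[", ".").split("."):
            if part.startswith("_"):
                raise PermissionError(f"attribute {part!r} not allowed in a format field")
        return super().get_field(field_name, args, kwargs)

def format_method_owner(fn):
    # Recognition step: the str that fn is the bound .format/.format_map method of, else None.
    owner = getattr(fn, "__self__", None)
    if getattr(fn, "__name__", None) in ("format", "format_map") and isinstance(owner, str):
        return owner
    return None

def sandboxed_call(fn, *args, **kwargs):
    # Call-site check: str.format reached through here is routed into the restricted
    # formatter; a caller that invokes fn directly never reaches this check.
    template = format_method_owner(fn)
    if template is None:
        return fn(*args, **kwargs)
    if fn.__name__ == "format_map":
        args, kwargs = (), dict(args[0])
    return RestrictedFormatter().vformat(template, args, kwargs)

def wrap_on_access(obj, attr):
    # Access-time check: reading .format off a str yields a guarded callable that stays
    # sandboxed no matter who calls it later.
    value = getattr(obj, attr)
    if format_method_owner(value) is None:
        return value
    return lambda *a, **kw: sandboxed_call(value, *a, **kw)

def apply_filter(fn, *args):
    # A custom filter of the kind the advisory warns about: it calls what it is given.
    return fn(*args)

def demo():
    acct = SimpleNamespace(name="alice", _secret="constructed-secret")  # constructed data
    checked = sandboxed_call("{0.name}".format, acct)   # allowed field via the checked path
    leaked = apply_filter("{0._secret}".format, acct)   # stored reference skips the call-site check
    try:
        apply_filter(wrap_on_access("{0._secret}", "format"), acct)
        blocked = False
    except PermissionError:
        blocked = True                                  # access-time wrapping closes the gap
    return checked, leaked, blocked
```

Running demo() returns ("alice", "constructed-secret", True): the same naive filter leaks through the call-site-only design and is stopped once the guard is attached at access time.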
Description
OSIDB Bzimport
2024-12-23 16:01:11 UTC
This issue has been addressed in the following products:

- Red Hat Enterprise Linux 9.2 Extended Update Support: RHSA-2025:0335, https://access.redhat.com/errata/RHSA-2025:0335
- Red Hat Enterprise Linux 9.4 Extended Update Support: RHSA-2025:0338, https://access.redhat.com/errata/RHSA-2025:0338
- Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9: RHSA-2025:0341, https://access.redhat.com/errata/RHSA-2025:0341
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: RHSA-2025:0345, https://access.redhat.com/errata/RHSA-2025:0345
- Red Hat Enterprise Linux 9: RHSA-2025:0667, https://access.redhat.com/errata/RHSA-2025:0667
- Red Hat Enterprise Linux 8: RHSA-2025:0711, https://access.redhat.com/errata/RHSA-2025:0711
- Red Hat Ansible Automation Platform 2.4 for RHEL 9, Red Hat Ansible Automation Platform 2.4 for RHEL 8: RHSA-2025:0721, https://access.redhat.com/errata/RHSA-2025:0721
- Red Hat Ansible Automation Platform 2.4 for RHEL 8, Red Hat Ansible Automation Platform 2.4 for RHEL 9: RHSA-2025:0722, https://access.redhat.com/errata/RHSA-2025:0722
- Ansible Automation Platform Execution Environments: RHSA-2025:0753, https://access.redhat.com/errata/RHSA-2025:0753
- Red Hat OpenShift Container Platform 4.17: RHSA-2025:0656, https://access.redhat.com/errata/RHSA-2025:0656
- Red Hat Ansible Automation Platform 2.5 for RHEL 9, Red Hat Ansible Automation Platform 2.5 for RHEL 8: RHSA-2025:0777, https://access.redhat.com/errata/RHSA-2025:0777
- Red Hat Enterprise Linux 9.4 Extended Update Support: RHSA-2025:0850, https://access.redhat.com/errata/RHSA-2025:0850
- Red Hat Enterprise Linux 8.8 Extended Update Support: RHSA-2025:0883, https://access.redhat.com/errata/RHSA-2025:0883
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service: RHSA-2025:0950, https://access.redhat.com/errata/RHSA-2025:0950
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: RHSA-2025:0951, https://access.redhat.com/errata/RHSA-2025:0951
- Red Hat Enterprise Linux 9.2 Extended Update Support: RHSA-2025:0978, https://access.redhat.com/errata/RHSA-2025:0978
- Red Hat OpenShift Container Platform 4.17: RHSA-2025:0875, https://access.redhat.com/errata/RHSA-2025:0875
- Ansible Automation Platform Execution Environments: RHSA-2025:1101, https://access.redhat.com/errata/RHSA-2025:1101
- Ironic content for Red Hat OpenShift Container Platform 4.12, Red Hat OpenShift Container Platform 4.12: RHSA-2025:0834, https://access.redhat.com/errata/RHSA-2025:0834
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions: RHSA-2025:1109, https://access.redhat.com/errata/RHSA-2025:1109
- Red Hat OpenShift Container Platform 4.14: RHSA-2025:0842, https://access.redhat.com/errata/RHSA-2025:0842
- Red Hat OpenShift Container Platform 4.16: RHSA-2025:0830, https://access.redhat.com/errata/RHSA-2025:0830
- Red Hat Enterprise Linux 7 Extended Lifecycle Support: RHSA-2025:1250, https://access.redhat.com/errata/RHSA-2025:1250
- Red Hat OpenShift Container Platform 4.16: RHSA-2025:1123, https://access.redhat.com/errata/RHSA-2025:1123
- Red Hat OpenShift Container Platform 4.15: RHSA-2025:1130, https://access.redhat.com/errata/RHSA-2025:1130
- Red Hat OpenShift Container Platform 4.12: RHSA-2025:1241, https://access.redhat.com/errata/RHSA-2025:1241
- Red Hat OpenShift Container Platform 4.13, Ironic content for Red Hat OpenShift Container Platform 4.13: RHSA-2025:1118, https://access.redhat.com/errata/RHSA-2025:1118
- Red Hat OpenStack Platform 17.1 for RHEL 9: RHSA-2025:1861, https://access.redhat.com/errata/RHSA-2025:1861
- Red Hat OpenShift Container Platform 4.15: RHSA-2025:1710, https://access.redhat.com/errata/RHSA-2025:1710
- Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9: RHSA-2025:2399, https://access.redhat.com/errata/RHSA-2025:2399
- Red Hat Enterprise Linux 8.2 Advanced Update Support: RHSA-2025:2612, https://access.redhat.com/errata/RHSA-2025:2612
- Red Hat OpenShift Container Platform 4.13: RHSA-2025:2700, https://access.redhat.com/errata/RHSA-2025:2700