Bug 2333856 (CVE-2024-56326) - CVE-2024-56326 jinja2: Jinja has a sandbox breakout through indirect reference to format method
Summary: CVE-2024-56326 jinja2: Jinja has a sandbox breakout through indirect referenc...
Keywords:
Status: NEW
Alias: CVE-2024-56326
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2333948 2338984 2338985 2338986 2338987
Blocks:
Reported: 2024-12-23 16:01 UTC by OSIDB Bzimport
Modified: 2025-04-11 08:01 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:0897 0 None None None 2025-02-03 15:14:20 UTC
Red Hat Product Errata RHSA-2025:0335 0 None None None 2025-01-15 14:52:55 UTC
Red Hat Product Errata RHSA-2025:0338 0 None None None 2025-01-15 15:36:55 UTC
Red Hat Product Errata RHSA-2025:0341 0 None None None 2025-01-15 19:35:36 UTC
Red Hat Product Errata RHSA-2025:0345 0 None None None 2025-01-15 21:38:55 UTC
Red Hat Product Errata RHSA-2025:0656 0 None None None 2025-01-28 04:56:45 UTC
Red Hat Product Errata RHSA-2025:0667 0 None None None 2025-01-23 15:59:30 UTC
Red Hat Product Errata RHSA-2025:0711 0 None None None 2025-01-27 13:28:29 UTC
Red Hat Product Errata RHSA-2025:0721 0 None None None 2025-01-27 19:30:22 UTC
Red Hat Product Errata RHSA-2025:0722 0 None None None 2025-01-27 22:41:16 UTC
Red Hat Product Errata RHSA-2025:0753 0 None None None 2025-01-28 01:05:04 UTC
Red Hat Product Errata RHSA-2025:0777 0 None None None 2025-01-28 19:17:15 UTC
Red Hat Product Errata RHSA-2025:0830 0 None None None 2025-02-10 06:12:39 UTC
Red Hat Product Errata RHSA-2025:0834 0 None None None 2025-02-06 01:11:31 UTC
Red Hat Product Errata RHSA-2025:0842 0 None None None 2025-02-06 15:43:09 UTC
Red Hat Product Errata RHSA-2025:0850 0 None None None 2025-01-30 18:01:30 UTC
Red Hat Product Errata RHSA-2025:0875 0 None None None 2025-02-05 10:50:06 UTC
Red Hat Product Errata RHSA-2025:0883 0 None None None 2025-02-03 01:10:05 UTC
Red Hat Product Errata RHSA-2025:0950 0 None None None 2025-02-04 08:36:40 UTC
Red Hat Product Errata RHSA-2025:0951 0 None None None 2025-02-04 08:55:54 UTC
Red Hat Product Errata RHSA-2025:0978 0 None None None 2025-02-04 12:19:32 UTC
Red Hat Product Errata RHSA-2025:1101 0 None None None 2025-02-05 20:24:58 UTC
Red Hat Product Errata RHSA-2025:1109 0 None None None 2025-02-06 05:00:04 UTC
Red Hat Product Errata RHSA-2025:1118 0 None None None 2025-02-13 02:40:08 UTC
Red Hat Product Errata RHSA-2025:1123 0 None None None 2025-02-12 00:13:32 UTC
Red Hat Product Errata RHSA-2025:1130 0 None None None 2025-02-12 04:02:14 UTC
Red Hat Product Errata RHSA-2025:1241 0 None None None 2025-02-13 00:42:53 UTC
Red Hat Product Errata RHSA-2025:1250 0 None None None 2025-02-10 18:48:49 UTC
Red Hat Product Errata RHSA-2025:1710 0 None None None 2025-02-27 00:58:45 UTC
Red Hat Product Errata RHSA-2025:1861 0 None None None 2025-02-25 19:36:11 UTC
Red Hat Product Errata RHSA-2025:2399 0 None None None 2025-03-05 14:27:39 UTC
Red Hat Product Errata RHSA-2025:2612 0 None None None 2025-03-11 00:13:15 UTC
Red Hat Product Errata RHSA-2025:2700 0 None None None 2025-03-20 01:46:41 UTC

Description OSIDB Bzimport 2024-12-23 16:01:11 UTC
Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template; whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch direct calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built into Jinja, but they could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
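To show why the fix had to move the str.format check from call time to attribute-access time, here is an added, deliberately simplified Python model; it is not Jinja's own code. `sandbox_getattr` stands in for the sandboxed environment's attribute lookup, `RestrictedFormatter` for Jinja's sandboxed formatter, and `custom_filter` for an application filter that calls whatever it is handed; the sample object and its `_token` value are constructed for the illustration.

```python
import re
import types
from functools import update_wrapper
from string import Formatter

class SecurityError(Exception):
    """Raised when the sandbox refuses an attribute access."""

class RestrictedFormatter(Formatter):
    # Resolves each step of a field such as {0.name} itself and refuses private names.
    def get_field(self, field_name, args, kwargs):
        head, *accessors = re.split(r"[.\[]", field_name)
        obj = self.get_value(int(head) if head.isdigit() else head, args, kwargs)
        for acc in accessors:
            if acc.endswith("]"):              # {x[key]}: item lookup
                obj = obj[acc[:-1]]
            elif acc.startswith("_"):          # {x._private}: refused
                raise SecurityError(f"attribute {acc!r} is not allowed")
            else:                              # {x.attr}: attribute lookup
                obj = getattr(obj, acc)
        return obj, head

def wrap_str_format(value):
    # Swap a str's bound .format for a sandboxed callable; None for anything else.
    if (not isinstance(value, types.BuiltinMethodType)
            or value.__name__ != "format" or not isinstance(value.__self__, str)):
        return None
    target, fmt = value.__self__, RestrictedFormatter()
    return update_wrapper(lambda *a, **kw: fmt.vformat(target, a, kw), value)

def sandbox_getattr(obj, name, wrap_at_access):
    # False models pre-3.1.5: str.format is only checked in the call() hook, which a
    # filter never uses. True models the fix: the reference is wrapped when fetched.
    if name.startswith("_"):
        raise SecurityError(f"attribute {name!r} is not allowed")
    value = getattr(obj, name)
    return (wrap_str_format(value) or value) if wrap_at_access else value

def demo():
    # Constructed sample object; _token stands in for anything private.
    user = types.SimpleNamespace(name="alice", _token="constructed-secret")
    custom_filter = lambda fn, arg: fn(arg)   # calls its argument directly, never via call()
    leaked = custom_filter(sandbox_getattr("{0._token}", "format", False), user)
    try:
        custom_filter(sandbox_getattr("{0._token}", "format", True), user)
        blocked = False
    except SecurityError:
        blocked = True
    return leaked, blocked   # ("constructed-secret", True): leaked before, refused after
```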

Comment 3 errata-xmlrpc 2025-01-15 14:52:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:0335 https://access.redhat.com/errata/RHSA-2025:0335

Comment 4 errata-xmlrpc 2025-01-15 15:36:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:0338 https://access.redhat.com/errata/RHSA-2025:0338

Comment 5 errata-xmlrpc 2025-01-15 19:35:32 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:0341 https://access.redhat.com/errata/RHSA-2025:0341

Comment 6 errata-xmlrpc 2025-01-15 21:38:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:0345 https://access.redhat.com/errata/RHSA-2025:0345

Comment 8 errata-xmlrpc 2025-01-23 15:59:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0667 https://access.redhat.com/errata/RHSA-2025:0667

Comment 9 errata-xmlrpc 2025-01-27 13:28:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:0711 https://access.redhat.com/errata/RHSA-2025:0711

Comment 10 errata-xmlrpc 2025-01-27 19:30:17 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2025:0721 https://access.redhat.com/errata/RHSA-2025:0721

Comment 11 errata-xmlrpc 2025-01-27 22:41:11 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2025:0722 https://access.redhat.com/errata/RHSA-2025:0722

Comment 12 errata-xmlrpc 2025-01-28 01:04:59 UTC
This issue has been addressed in the following products:

  Ansible Automation Platform Execution Environments

Via RHSA-2025:0753 https://access.redhat.com/errata/RHSA-2025:0753

Comment 13 errata-xmlrpc 2025-01-28 04:56:39 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0656 https://access.redhat.com/errata/RHSA-2025:0656

Comment 14 errata-xmlrpc 2025-01-28 19:17:10 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:0777 https://access.redhat.com/errata/RHSA-2025:0777

Comment 15 errata-xmlrpc 2025-01-30 18:01:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:0850 https://access.redhat.com/errata/RHSA-2025:0850

Comment 16 errata-xmlrpc 2025-02-03 01:09:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:0883 https://access.redhat.com/errata/RHSA-2025:0883

Comment 17 errata-xmlrpc 2025-02-04 08:36:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:0950 https://access.redhat.com/errata/RHSA-2025:0950

Comment 18 errata-xmlrpc 2025-02-04 08:55:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:0951 https://access.redhat.com/errata/RHSA-2025:0951

Comment 19 errata-xmlrpc 2025-02-04 12:19:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:0978 https://access.redhat.com/errata/RHSA-2025:0978

Comment 20 errata-xmlrpc 2025-02-05 10:50:01 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875

Comment 21 errata-xmlrpc 2025-02-05 20:24:52 UTC
This issue has been addressed in the following products:

  Ansible Automation Platform Execution Environments

Via RHSA-2025:1101 https://access.redhat.com/errata/RHSA-2025:1101

Comment 22 errata-xmlrpc 2025-02-06 01:11:25 UTC
This issue has been addressed in the following products:

  Ironic content for Red Hat OpenShift Container Platform 4.12
  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:0834 https://access.redhat.com/errata/RHSA-2025:0834

Comment 23 errata-xmlrpc 2025-02-06 04:59:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:1109 https://access.redhat.com/errata/RHSA-2025:1109

Comment 24 errata-xmlrpc 2025-02-06 15:43:04 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:0842 https://access.redhat.com/errata/RHSA-2025:0842

Comment 27 errata-xmlrpc 2025-02-10 06:12:33 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:0830 https://access.redhat.com/errata/RHSA-2025:0830

Comment 28 errata-xmlrpc 2025-02-10 18:48:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1250 https://access.redhat.com/errata/RHSA-2025:1250

Comment 29 errata-xmlrpc 2025-02-12 00:13:26 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:1123 https://access.redhat.com/errata/RHSA-2025:1123

Comment 30 errata-xmlrpc 2025-02-12 04:02:08 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:1130 https://access.redhat.com/errata/RHSA-2025:1130

Comment 31 errata-xmlrpc 2025-02-13 00:42:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:1241 https://access.redhat.com/errata/RHSA-2025:1241

Comment 32 errata-xmlrpc 2025-02-13 02:40:03 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:1118 https://access.redhat.com/errata/RHSA-2025:1118

Comment 33 errata-xmlrpc 2025-02-25 19:36:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2025:1861 https://access.redhat.com/errata/RHSA-2025:1861

Comment 34 errata-xmlrpc 2025-02-27 00:58:40 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:1710 https://access.redhat.com/errata/RHSA-2025:1710

Comment 35 errata-xmlrpc 2025-03-05 14:27:33 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2025:2399 https://access.redhat.com/errata/RHSA-2025:2399

Comment 36 errata-xmlrpc 2025-03-11 00:13:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:2612 https://access.redhat.com/errata/RHSA-2025:2612

Comment 37 errata-xmlrpc 2025-03-20 01:46:35 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:2700 https://access.redhat.com/errata/RHSA-2025:2700

