Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
Created mingw-python-jinja2 tracking bugs for this issue: Affects: fedora-all [bug 2279486] Created python-jinja2 tracking bugs for this issue: Affects: fedora-all [bug 2279491] Created python3-jinja2 tracking bugs for this issue: Affects: epel-all [bug 2279489] Created python3.11-jinja2-epel tracking bugs for this issue: Affects: epel-all [bug 2279487] Created python39-jinja2-epel tracking bugs for this issue: Affects: epel-all [bug 2279488]
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:3795 https://access.redhat.com/errata/RHSA-2024:3795
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3811 https://access.redhat.com/errata/RHSA-2024:3811
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3820 https://access.redhat.com/errata/RHSA-2024:3820
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4231 https://access.redhat.com/errata/RHSA-2024:4231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4404 https://access.redhat.com/errata/RHSA-2024:4404
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4414 https://access.redhat.com/errata/RHSA-2024:4414
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4427 https://access.redhat.com/errata/RHSA-2024:4427
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:4522 https://access.redhat.com/errata/RHSA-2024:4522
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4616 https://access.redhat.com/errata/RHSA-2024:4616
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4958 https://access.redhat.com/errata/RHSA-2024:4958
This issue has been addressed in the following products: Red Hat Satellite 6.15 for RHEL 8 Via RHSA-2024:5662 https://access.redhat.com/errata/RHSA-2024:5662
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:5433 https://access.redhat.com/errata/RHSA-2024:5433
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Ironic content for Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:6011 https://access.redhat.com/errata/RHSA-2024:6011