| Release | Version |
|---|---|
| jessie | 2.7.3-1+deb8u1 |
| stretch | 2.8-1+deb9u1 |
| buster | 2.10-2+deb10u1 |
| bullseye | 2.11.3-1 |
| bookworm | 3.1.2-1 |
| trixie | 3.1.3-1 |
| sid | 3.1.3-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34064 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Jinja is an extensible templating engine. The `xmlattr` filter in affe ... |
| CVE-2024-22195 | fixed | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Jinja is an extensible templating engine. Special placeholders in the ... |
| CVE-2020-28493 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo ... |
| CVE-2019-10906 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape ... |
| CVE-2016-10745 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8341 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in Jinja2 2.10. The from_string function is pr ... |
| Bug | Description |
|---|---|
| CVE-2014-1402 | The default configuration for bccache.FileSystemBytecodeCache in Jinja ... |
| CVE-2014-0012 | FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create tempo ... |
| DSA / DLA | Description |
|---|---|
| ELA-1048-1 | jinja2 - security update |
| DLA-3715-1 | jinja2 - security update |