INFSA-2025:3406: python-jinja2 security update
Information about definition
Identificator: INFSA-2025:3406
Type: security
Release date: 2025-04-29 14:06:49 UTC
Information about package
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Vulnerabilities description
- CVE-2025-27516
Pallets Jinja could allow a local authenticated attacker to bypass security restrictions, caused by an oversight in how the Jinja sandboxed environment interacts with the |attr filter. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary Python code on the system.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-27516
|
no information | 7.3 | no information |
Updated packages