CVE: 0000-0000 found in Jinja2 - Version: 2.11.3 [PYTHON] #95

github-actions · 2022-08-08T15:01:44Z

Veracode Software Composition Analysis

Attribute	Details
Library	Jinja2
Description	A very fast and expressive template engine.
Language	PYTHON
Vulnerability	Cross-Site Scripting (XSS)
Vulnerability description	jinja2 is vulnerable to Cross Site Scripting. An attacker is able to inject and execute arbitrary Javascript through the `gettext` and `ngettext` function due to the lack of output sanitization.
CVE	null
CVSS score	5.8
Vulnerability present in version/s	2.5-3.0.0
Found library version/s	2.11.3
Vulnerability fixed in version
Library latest version	3.1.2
Fix	There is no fix version. Apply the following fix:

Links:

The text was updated successfully, but these errors were encountered:

mdesmet · 2022-08-22T11:25:57Z

Jinja will be upgraded to 3.0 version in dbt1.3

github-actions bot added Severity: Medium Medium severity Veracode Dependency Scanning A Veracode identified vulnerability labels Aug 8, 2022

mdesmet closed this as completed Oct 22, 2022