Server Side Template Injection (SSTI) The advisory has been revoked - it doesn't affect any version of package jinja2 Open this link in a new tab

Threat Intelligence

Mature

3.49% (92^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-JINJA2-173701
published 17 Feb 2019
disclosed 15 Feb 2019
credit Jameel Nabbo

Report a new vulnerability Found a mistake?

Introduced: 15 Feb 2019

CVE-2019-8341 Open this link in a new tab CWE-79 Open this link in a new tab

Overview

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

References

Exploit DB
GitHub Report
RedHat Bugzilla Bug